
1756 matches found

Tenable Nessus
added 2024/02/15 12:0 a.m. | 18 views

FreeBSD : phpmyfaq -- multiple vulnerabilities (cbfc1591-c8c0-11ee-b45a-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cbfc1591-c8c0-11ee-b45a-589cfc0f81b0 advisory. - phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on...

5.8 AI score
Exploits: 0 | References: 4

SUSE CVE
added 2024/02/09 3:0 a.m. | 1 views

SUSE CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

6.1 CVSS | 7.2 AI score | 0.03118 EPSS
Exploits: 1 | References: 2

Veracode
added 2024/02/06 10:43 a.m. | 12 views

Account Spoofing

phpMyFAQ is vulnerable to User Account Spoofing. The vulnerability is due to the user removal page lacking backend validation, allowing an attacker to manipulate form details by intercepting the request via a proxy, which can allow an attacker to trick an admin into removing the account...

6.5 CVSS | 6.7 AI score | 0.00285 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/02/06 6:21 a.m. | 19 views

Phishing Attack

phpmyfaq/phpmyfaq is vulnerable to a Phishing Attack. The vulnerability is due to the functionality to share articles. This vulnerability allows an unauthenticated attacker to utilize the target application's email server to send thousands of phishing messages because the backend email address...

6.5 CVSS | 7 AI score | 0.01184 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2024/02/06 5:22 a.m. | 14 views

Cross Site Scripting (XSS)

phpmyfaq/phpmyfaq is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper filename sanitization within phpMyFAQ\phpmyfaq\admin\attachments.php, allowing an attacker to execute arbitrary JavaScript code on the client side, resulting in XSS...

6.5 CVSS | 6.8 AI score | 0.03118 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OpenVAS
added 2024/02/06 12:0 a.m. | 24 views

phpMyFAQ < 3.2.5 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities.

6.5 CVSS | 7.2 AI score | 0.03118 EPSS
Exploits: 3 | References: 4

NVD
added 2024/02/05 9:15 p.m. | 9 views

CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

6.5 CVSS | 6.6 AI score | 0.03118 EPSS
Exploits: 1 | References: 3

NVD
added 2024/02/05 9:15 p.m. | 7 views

CVE-2024-22208

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5 CVSS | 6.6 AI score | 0.01184 EPSS
Exploits: 1 | References: 2

Prion
added 2024/02/05 9:15 p.m. | 14 views

Design/Logic Flaw

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.4 CVSS | 7.4 AI score | 0.01184 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/02/05 8:57 p.m. | 2 views

CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

6.5 CVSS | 7.4 AI score | 0.03118 EPSS
Exploits: 1 | References: 3

OSV
added 2024/02/05 8:57 p.m. | 24 views

CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

6.5 CVSS | 6.5 AI score | 0.03118 EPSS
Exploits: 1 | References: 5

Cvelist
added 2024/02/05 8:57 p.m. | 18 views

CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

6.5 CVSS | 6.8 AI score | 0.03118 EPSS
Exploits: 1 | References: 3

CVE
added 2024/02/05 8:57 p.m. | 61 views

CVE-2024-24574

CVE-2024-24574 affects phpMyFAQ; unsafe echo of the filename in phpMyFAQ/phpmyfaq/admin/attachments.php enables a stored XSS (client-side JavaScript execution). The vulnerability has been patched in version 3.2.5. Affected description and references from multiple sources (NVD, Red Hat, GHSA) conf...

6.5 CVSS | 6.3 AI score | 0.03118 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2024/02/05 8:44 p.m. | 13 views

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5 CVSS | 6.5 AI score | 0.01184 EPSS
Exploits: 1 | References: 4

Cvelist
added 2024/02/05 8:44 p.m. | 16 views

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5 CVSS | 6.8 AI score | 0.01184 EPSS
Exploits: 1 | References: 2

CVE
added 2024/02/05 8:44 p.m. | 58 views

CVE-2024-22208

CVE-2024-22208 affects phpMyFAQ, where the front-end sharing feature allows unauthenticated users to email multiple recipients (the UI supports 5 addresses) and, due to backend lack of enforcement, can be abused to send thousands of phishing emails via the app’s mail server. The issue stems from ...

6.5 CVSS | 6.5 AI score | 0.01184 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/02/05 8:44 p.m. | 5 views

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5 CVSS | 6.6 AI score | 0.01184 EPSS
Exploits: 1 | References: 2

GitHub Security Blog
added 2024/02/05 8:22 p.m. | 27 views

phpMyFAQ vulnerable to stored XSS on attachments filename

Summary: Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side XSS. Details: On that snippet code of rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...

6.5 CVSS | 6.3 AI score | 0.03118 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2024/02/05 8:22 p.m. | 18 views

GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename

Summary: Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side XSS. Details: On that snippet code of rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...

6.5 CVSS | 6.4 AI score | 0.03118 EPSS
Exploits: 1 | References: 6

GitHub Security Blog
added 2024/02/05 8:21 p.m. | 23 views

phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

Summary: The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details: The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...

6.5 CVSS | 7.3 AI score | 0.01184 EPSS
Exploits: 1 | References: 5 | Affected Software: 1