1756 matches found

OSV
added 2024/02/05 8:21 p.m. · 15 views

GHSA-9HHF-XMCW-R3XG phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...

CVSS 6.5 · AI score 6.5 · EPSS 0.01184
Exploits: 1 · References: 5
OSV
added 2024/02/05 8:20 p.m. · 23 views

GHSA-6648-6G96-MG35 phpMyFAQ User Removal Page Allows Spoofing Of User Details

Summary phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. Details phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing...

CVSS 5.7 · AI score 5.8 · EPSS 0.00285
Exploits: 1 · References: 5
Github Security Blog
added 2024/02/05 8:20 p.m. · 28 views

phpMyFAQ User Removal Page Allows Spoofing Of User Details

Summary phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. Details phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing...

CVSS 6.5 · AI score 7 · EPSS 0.00285
Exploits: 1 · References: 5 · Affected Software: 1
NVD
added 2024/02/05 8:15 p.m. · 9 views

CVE-2024-22202

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...

CVSS 6.5 · AI score 5.8 · EPSS 0.00285
Exploits: 1 · References: 2
Cvelist
added 2024/02/05 7:39 p.m. · 15 views

CVE-2024-22202 User Removal Page Allows Spoofing Of User Details

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...

CVSS 5.7 · AI score 6.6 · EPSS 0.00285
Exploits: 1 · References: 2
CVE
added 2024/02/05 7:39 p.m. · 49 views

CVE-2024-22202

phpMyFAQ contains a vulnerability in the user removal page that lets an attacker spoof another user’s details and trigger phishing-style account deletion emails to administrators. The issue arises because the front-end does not enforce data integrity on the removal request, enabling an attacker (...

CVSS 6.5 · AI score 6.3 · EPSS 0.00285
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2024/02/05 7:39 p.m. · 15 views

CVE-2024-22202 User Removal Page Allows Spoofing Of User Details

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...

CVSS 5.7 · AI score 6.4 · EPSS 0.00285
Exploits: 1 · References: 4
Vulnrichment
added 2024/02/05 7:39 p.m. · 15 views

CVE-2024-22202 User Removal Page Allows Spoofing Of User Details

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...

CVSS 5.7 · AI score 6.7 · EPSS 0.00285
Exploits: 1 · References: 2
Positive Technologies
added 2024/02/05 12:0 a.m. · 2 views

PT-2024-19270 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.5 Description: The issue allows an attacker to spoof another user's details, making a compelling phishing case for removing another user's account. Although the front-end of the user removal page does not allow...

CVSS 6.5 · AI score 6.2 · EPSS 0.00285
Exploits: 1 · References: 12
FreeBSD
added 2024/02/05 12:0 a.m. · 13 views

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal...

AI score 6.6
Exploits: 0 · References: 3
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

phpMyFAQ Security Vulnerabilities

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.4, which stems from an insecure fallback of a filename in phpMyFAQphpmyfaqadminattachments.php that could result in allowing JavaScript...

CVSS 6.5 · AI score 6.9 · EPSS 0.03118
Exploits: 1 · References: 4
CNNVD
added 2024/02/05 12:0 a.m. · 2 views

phpMyFAQ Access Control Error Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. An Access Control Error vulnerability exists in versions prior to phpMyFAQ 3.2.5, which stems from a user deletion page that allows an attacker to spoof another user's details to create a...

CVSS 6.5 · AI score 6.7 · EPSS 0.00285
Exploits: 1 · References: 3
CNNVD
added 2024/02/05 12:0 a.m. · 2 views

phpMyFAQ Security Vulnerabilities

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in versions prior to phpMyFAQ 3.2.5 that stems from allowing any unauthenticated participant to abuse the application to send arbitrary emails to a large number...

CVSS 6.5 · AI score 6.9 · EPSS 0.01184
Exploits: 1 · References: 3
OpenVAS
added 2023/12/20 12:0 a.m. · 13 views

phpMyFAQ < 3.1.17 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

CVSS 5.4 · AI score 6.3 · EPSS 0.00115
Exploits: 2 · References: 2
CNVD
added 2023/12/19 12:0 a.m. · 7 views

phpMyFAQ cross-site scripting vulnerability (CNVD-2023-9902999)

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.17, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute...

CVSS 5.4 · AI score 6.1 · EPSS 0.00115
Exploits: 1 · References: 1
Veracode
added 2023/12/18 10:7 a.m. · 13 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting. The vulnerability is due to ajax.tags.php and tags.js having improper tagName sanitization for. This can lead to Stored XSS if a tag name contains malicious JavaScript code...

CVSS 5.4 · AI score 5.7 · EPSS 0.00115
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/12/16 9:30 a.m. · 18 views

GHSA-4H37-Q5J3-HW96 phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17...

CVSS 5.4 · AI score 5.2 · EPSS 0.00115
Exploits: 1 · References: 4
Github Security Blog
added 2023/12/16 9:30 a.m. · 17 views

phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17...

CVSS 5.4 · AI score 6.2 · EPSS 0.00115
Exploits: 1 · References: 4 · Affected Software: 1
Github Security Blog
added 2023/12/16 9:30 a.m. · 15 views

phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17...

CVSS 5.4 · AI score 6.2 · EPSS 0.00115
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2023/12/16 9:15 a.m. · 15 views

CVE-2023-6890

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17...

CVSS 5.4 · AI score 5.3
Exploits: 0 · References: 2