
1764 matches found

Exploit DB
added 2023/05/02 12:0 a.m. · 245 views

phpMyFAQ v3.1.12 - CSV Injection

Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

AI score: 7.4
Exploits: 0

0day.today
added 2023/05/02 12:0 a.m. · 260 views

phpMyFAQ v3.1.12 - CSV Injection Vulnerability

Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

AI score: 6.9
Exploits: 0

OSV
added 2023/04/30 3:30 a.m. · 24 views

GHSA-R69V-Q48G-3966 phpMyFAQ Improper Access Control vulnerability

phpMyFAQ prior to version 3.1.13 does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the system, including email addresses belonging to...

CVSS: 6.6 · AI score: 7.7 · EPSS: 0.00514
Exploits: 0 · References: 5

Github Security Blog
added 2023/04/30 3:30 a.m. · 17 views

phpMyFAQ Improper Access Control vulnerability

phpMyFAQ prior to version 3.1.13 does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the system, including email addresses belonging to...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.00514
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2023/04/30 3:30 a.m. · 14 views

GHSA-8595-6653-96P2 phpMyFAQ vulnerable to Stored Cross-site Scripting

phpMyFAQ prior to version 3.1.13 has a stored cross site scripting vulnerability in name field in add question module. This allows an attacker to steal user cookies...

CVSS: 6.1 · AI score: 5.3 · EPSS: 0.00168
Exploits: 0 · References: 5

Github Security Blog
added 2023/04/30 3:30 a.m. · 21 views

phpMyFAQ vulnerable to Stored Cross-site Scripting

phpMyFAQ prior to version 3.1.13 has a stored cross site scripting vulnerability in name field in add question module. This allows an attacker to steal user cookies...

CVSS: 6.1 · AI score: 5.2 · EPSS: 0.00168
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2023/04/30 3:15 a.m. · 10 views

CVE-2023-2429

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00514
Exploits: 0 · References: 3

Vulnrichment
added 2023/04/30 12:0 a.m. · 8 views

CVE-2023-2428 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS: 6.1 · AI score: 5.6 · EPSS: 0.00168
Exploits: 0 · References: 2

Cvelist
added 2023/04/30 12:0 a.m. · 11 views

CVE-2023-2428 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00168
Exploits: 0 · References: 2

Cvelist
added 2023/04/30 12:0 a.m. · 18 views

CVE-2023-2429 Improper Access Control in thorsten/phpmyfaq

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS: 6.6 · AI score: 9.8 · EPSS: 0.00514
Exploits: 0 · References: 2

CVE
added 2023/04/30 12:0 a.m. · 46 views

CVE-2023-2429

The CVE-2023-2429 issue affects thorsten/phpmyfaq prior to 3.1.13, with an improper access control flaw related to user profile updates. The OpenVAS/OSV/GHSA entries describe that the vulnerability stems from insufficient validation of email addresses during user-profile changes, enabling an atta...

CVSS: 9.8 · AI score: 8 · EPSS: 0.00514
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/04/30 12:0 a.m. · 1 view

phpMyFAQ Access Control Error Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. An access control error vulnerability exists in versions prior to phpMyFAQ 3.1.13, which stems from improper access control...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00514
Exploits: 0 · References: 3

OSV
added 2023/04/30 12:0 a.m. · 10 views

CVE-2023-2428 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.00168
Exploits: 0 · References: 5

CVE
added 2023/04/30 12:0 a.m. · 51 views

CVE-2023-2428

This CVE refers to phpMyFAQ prior to version 3.1.13, where a stored XSS vulnerability exists in the name field of the add question module in thorsten/phpmyfaq. The underlying issue is a stored XSS in user-supplied input that is kept in the database and rendered without proper sanitization, enabli...

CVSS: 6.1 · AI score: 5.4 · EPSS: 0.00168
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/04/30 12:0 a.m. · 2 views

PT-2023-19508 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.13 Description: The issue is related to a stored Cross-site Scripting XSS vulnerability. This vulnerability allows an attacker to steal user cookies by exploiting the name field in the add question module...

CVSS: 6.1 · AI score: 6.4 · EPSS: 0.00168
Exploits: 0 · References: 12

CNNVD
added 2023/04/30 12:0 a.m. · 1 view

phpMyFAQ Cross-Site Scripting Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.13. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.00168
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/30 12:0 a.m. · 3 views

PT-2023-19516 · Thorsten · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.13 Description: The issue is related to improper access control in the thorsten/phpmyfaq GitHub repository. Specifically, phpMyFAQ does not properly validate email addresses when updating user profiles,...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00514
Exploits: 0 · References: 12

Vulnrichment
added 2023/04/30 12:0 a.m. · 6 views

CVE-2023-2429 Improper Access Control in thorsten/phpmyfaq

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS: 6.6 · AI score: 9.6 · EPSS: 0.00514
Exploits: 0 · References: 2

Veracode
added 2023/04/27 11:22 a.m. · 24 views

Cross-site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-site Scripting XSS. The vulnerability exists in user.php because the username parameter is not properly sanitized which allows an attacker to inject and execute arbitrary javascript...

CVSS: 5.4 · AI score: 5.7 · EPSS: 0.00201
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2023/04/24 12:0 a.m. · 1 view

phpMyFAQ Cross-Site Scripting Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...

CVSS: 7.2 · AI score: 6 · EPSS: 0.00211
Exploits: 0 · References: 4