Lucene search
K

1801 matches found

Github Security Blog
Github Security Blog
added 2026/05/20 3:45 p.m.11 views

phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation

Summary The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid username + email pair, they can call the reset endpoint directly. The application immediately generates a new password, writes it to the account, and...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/20 3:45 p.m.5 views

GHSA-9QV9-8XV6-5P35 phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation

Summary The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid username + email pair, they can call the reset endpoint directly. The application immediately generates a new password, writes it to the account, and...

8.2CVSS5.8AI score0.00241EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.11 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.12 views

CVE-2026-45008

phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...

7CVSS5.9AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 9:31 p.m.9 views

GHSA-WJ3Q-VW2V-3RJ3 Duplicate Advisory: phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-whqh-9pq5-c7r3. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that...

5.4CVSS5.5AI score0.00153EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 9:31 p.m.8 views

GHSA-CH9Q-C9MP-J5GQ Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

9.8CVSS5.5AI score0.01709EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 9:31 p.m.5 views

GHSA-478M-MRW4-QF2W Duplicate Advisory: phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and...

8.2CVSS5.2AI score0.00249EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 9:31 p.m.4 views

GHSA-6626-79JH-5CCR Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...

9.3CVSS5.6AI score0.00339EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9525-27vj-c8r8. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticat...

8.3CVSS5.1AI score0.00215EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.10 views

Duplicate Advisory: phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and...

8.2CVSS5.2AI score0.00249EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.8 views

Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...

9.3CVSS5.6AI score0.00339EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Duplicate Advisory: phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jrc5-w569-h7h5. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows...

5.3CVSS5.3AI score0.00168EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gh9p-q46p-57g2. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with...

7CVSS5.5AI score0.00266EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.16 views

Duplicate Advisory: phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f5p7-2c9q-8896. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that...

5.4CVSS5.2AI score0.00153EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.7 views

Duplicate Advisory: phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks...

8.7CVSS5.3AI score0.00259EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.11 views

Duplicate Advisory: phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cx3-2qx2-3g6w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId...

5.4CVSS5.5AI score0.0018EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.13 views

Duplicate Advisory: phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-whqh-9pq5-c7r3. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that...

5.4CVSS5.5AI score0.00153EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.10 views

Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.10 views

Duplicate Advisory: phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hpgw-ww76-c68r. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in...

7.1CVSS5.6AI score0.00303EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.8 views

Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pm8c-3qq3-72w7. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated...

7.7CVSS6AI score0.00212EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder