FreeBSD : phpmyfaq -- multiple vulnerabilities (cbfc1591-c8c0-11ee-b45a-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cbfc1591-c8c0-11ee-b45a-589cfc0f81b0 advisory. - phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on...

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

CVE-2024-22208

CVE-2024-22208 affects phpMyFAQ, where the front-end sharing feature allows unauthenticated users to email multiple recipients (the UI supports 5 addresses) and, due to backend lack of enforcement, can be abused to send thousands of phishing emails via the app’s mail server. The issue stems from ...

phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...