CVE-2026-57961
- EPSS -
- Veröffentlicht 10.07.2026 13:58:00
- Zuletzt bearbeitet 10.07.2026 17:41:47
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that...
CVE-2026-57994
- EPSS -
- Veröffentlicht 10.07.2026 13:58:00
- Zuletzt bearbeitet 10.07.2026 17:41:47
phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive (draft or review-only) FAQ content. Specifically, GET /api/v3.1/faq/{cat...
CVE-2026-57995
- EPSS 0.33%
- Veröffentlicht 30.06.2026 22:08:42
- Zuletzt bearbeitet 02.07.2026 17:48:43
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated admin...
CVE-2026-56396
- EPSS 0.25%
- Veröffentlicht 21.06.2026 13:27:03
- Zuletzt bearbeitet 23.06.2026 15:16:39
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin f...
CVE-2026-34974
- EPSS 0.18%
- Veröffentlicht 02.04.2026 14:48:22
- Zuletzt bearbeitet 06.04.2026 16:09:58
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user with edit_faq...
CVE-2026-34973
- EPSS 0.34%
- Veröffentlicht 02.04.2026 14:47:22
- Zuletzt bearbeitet 06.04.2026 16:11:33
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. Howev...
CVE-2026-34729
- EPSS 0.24%
- Veröffentlicht 02.04.2026 14:46:22
- Zuletzt bearbeitet 07.04.2026 14:52:49
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1.
CVE-2026-34728
- EPSS 0.69%
- Veröffentlicht 02.04.2026 14:44:19
- Zuletzt bearbeitet 07.04.2026 14:57:06
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated ...
CVE-2026-32629
- EPSS 0.26%
- Veröffentlicht 02.04.2026 14:43:14
- Zuletzt bearbeitet 07.04.2026 16:10:02
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML — for example "<script...
CVE-2026-27836
- EPSS 0.41%
- Veröffentlicht 27.02.2026 19:54:51
- Zuletzt bearbeitet 04.03.2026 16:08:53
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allo...