phpMyFAQ

134 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.01%
  • Published 24.01.2026 02:02:30
  • Last modified 28.01.2026 18:10:23

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::...

Exploit
  • EPSS 0.01%
  • Published 24.01.2026 01:57:28
  • Last modified 28.01.2026 18:25:46

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive permissions check. The presence of a right key is improperl...

Exploit
  • EPSS 0.01%
  • Published 24.01.2026 01:43:10
  • Last modified 30.01.2026 17:29:58

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated()...

Exploit
  • EPSS 2.22%
  • Published 29.12.2025 15:24:51
  • Last modified 07.01.2026 15:35:10

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessibl...

  • EPSS 0.04%
  • Published 29.12.2025 15:18:58
  • Last modified 07.01.2026 15:35:12

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose displa...

Exploit
  • EPSS 0.05%
  • Published 17.12.2025 22:44:57
  • Last modified 31.12.2025 18:45:39

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when ...

Exploit
  • EPSS 0.09%
  • Published 17.11.2025 16:48:49
  • Last modified 05.01.2026 19:34:10

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute...

Exploit
  • EPSS 0.08%
  • Published 03.10.2025 20:06:09
  • Last modified 10.10.2025 16:35:13

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email i...

Exploit
  • EPSS 0.25%
  • Published 02.01.2025 18:15:20
  • Last modified 14.08.2025 17:54:26

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting ...

Exploit
  • EPSS 6.98%
  • Published 13.12.2024 14:15:22
  • Last modified 14.08.2025 18:56:50

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> e...