Phpmyfaq

Phpmyfaq

140 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2014-0813

  • EPSS 0.39%
  • Veröffentlicht 14.02.2014 16:55:13
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.

4.3

CVE-2014-0814

  • EPSS 0.53%
  • Veröffentlicht 14.02.2014 16:55:13
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2010-4821

Exploit
  • EPSS 2.86%
  • Veröffentlicht 22.10.2012 23:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

7.5

CVE-2011-4825

Exploit
  • EPSS 83.04%
  • Veröffentlicht 15.12.2011 03:57:34
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject a...

5

CVE-2011-3783

  • EPSS 0.28%
  • Veröffentlicht 24.09.2011 00:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.

7.5

CVE-2010-4558

  • EPSS 0.62%
  • Veröffentlicht 17.12.2010 19:00:26
  • Zuletzt bearbeitet 29.04.2026 01:13:23

phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.

4.3

CVE-2009-4780

Exploit
  • EPSS 0.14%
  • Veröffentlicht 21.04.2010 14:30:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) t...

4.3

CVE-2009-4040

  • EPSS 0.32%
  • Veröffentlicht 20.11.2009 19:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.

6.8

CVE-2007-1032

  • EPSS 0.86%
  • Veröffentlicht 21.02.2007 11:28:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."

7.5

CVE-2006-6912

  • EPSS 0.4%
  • Veröffentlicht 31.12.2006 05:00:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.