Thorsten Phpmyfaq vulnerabilities
117 known vulnerabilities affecting thorsten/phpmyfaq.
Total CVEs: 117
CISA KEV: 0
Public exploits: 8
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 37, MEDIUM 69, LOW 2
Vulnerabilities
Page 1 of 6
CVE-2025-69200 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | fixed in 4.0.16 | 2025-12-29
CWE-202
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credenti
Sources: ghsa, nvd, osv
CVE-2026-46364 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 4.1.2 | 2026-05-15
CWE-89
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent head
Sources: nvd
CVE-2026-24421 | P3 | MEDIUM | CVSS 6.5 | PoC | fixed in 4.1.4 | 2026-01-24
CWE-862
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigg
Sources: ghsa, nvd, osv
CVE-2024-55889 | P3 | HIGH | CVSS 7.2 | PoC | fixed in 3.2.10 | 2024-12-13
CWE-451
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
Sources: ghsa, nvd, osv
CVE-2026-45010 | P2 | CRITICAL | CVSS 9.1 | fixed in 4.1.2 | 2026-05-15
CWE-307
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token value
Sources: nvd
CVE-2025-59943 | P2 | CRITICAL | CVSS 9.8 | v>= 4.0.7, < 4.0.13 | 2025-10-03
CWE-284
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this
Sources: ghsa, nvd, osv
CVE-2026-35671 | P3 | HIGH | CVSS 8.8 | fixed in 4.1.3 | 2026-05-28
CWE-266
phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrit
Sources: nvd
CVE-2022-3766 | P3 | MEDIUM | PoC | ≥ 0, < 3.1.8 | 2022-10-31
CWE-79: phpMyFAQ vulnerable to reflected Cross-site Scripting
phpMyFAQ prior to version 3.1.8 is vulnerable to reflected cross-site scripting.
Sources: ghsa, osv
CVE-2022-4407 | P3 | MEDIUM | PoC | ≥ 0, < 3.1.9 | 2022-12-11
CWE-79: phpMyFAQ vulnerable to Cross-site Scripting
phpMyFAQ prior to version 3.1.9 is vulnerable to reflected Cross-site Scripting (XSS).
Sources: ghsa, osv
CVE-2026-35675 | P3 | HIGH | CVSS 8.2 | fixed in 4.1.3 | 2026-05-28
CWE-307
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via email, and achieve complete account takeover including ad
Sources: nvd
CVE-2023-1880 | P3 | HIGH | PoC | ≥ 0, < 3.1.12 | 2023-04-05
CWE-79: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the artlang parameter. This has been fixed in 3.1.12.
Sources: ghsa, osv
CVE-2023-5863 | P3 | MEDIUM | PoC | ≥ 0, < 3.2.2 | 2023-10-31
CWE-79: phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
Sources: ghsa, osv
CVE-2026-35676 | P3 | HIGH | CVSS 8.2 | fixed in 4.1.3 | 2026-05-28
CWE-640
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sending PUT requests to the /api/index.php/user/password/update
Sources: nvd
CVE-2026-35672 | P3 | HIGH | CVSS 7.5 | fixed in 4.1.3 | 2026-05-28
CWE-1188
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via POST endpoints /api/v4.0/faq/create, /api/v4.0/category, a
Sources: nvd
CVE-2024-27299 | P3 | HIGH | CVSS 8.8 | v3.2.5 | 2024-03-25
CWE-89
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate da
Sources: nvd
CVE-2026-27836 | P3 | HIGH | CVSS 7.5 | fixed in 4.0.18 | 2026-02-27
CWE-862
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Vers
Sources: ghsa, nvd, osv
CVE-2025-62519 | P3 | HIGH | CVSS 7.2 | fixed in 4.0.14 | 2025-11-17
CWE-89
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, includin
Sources: ghsa, nvd, osv
CVE-2024-28107 | P3 | HIGH | CVSS 8.8 | v3.2.5 | 2024-03-25
CWE-89
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerab
Sources: nvd
CVE-2023-0789 | P3 | CRITICAL | ≥ 0, < 3.1.11 | 2023-02-12
CWE-77: Command Injection in thorsten/phpmyfaq
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: ghsa, osv
CVE-2023-1886 | P3 | HIGH | ≥ 0, < 3.1.12 | 2023-04-05
CWE-294: thorsten/phpmyfaq vulnerable to authentication bypass
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12.
Sources: ghsa, osv