Thorsten Phpmyfaq vulnerabilities
117 known vulnerabilities affecting thorsten/phpmyfaq.
Total CVEs: 117
CISA KEV: 0
Public exploits: 8
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 37, MEDIUM 69, LOW 2
Vulnerabilities (page 2 of 6)
CVE-2026-24422 | P3 | HIGH | CVSS 7.5 | CWE-200 | fixed in 4.0.17 | 2026-01-24
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along w
Sources: GHSA, NVD, OSV
CVE-2023-0311 | P3 | CRITICAL | CWE-287 | affected ≥ 0, < 3.1.10 | 2023-01-16
phpMyFAQ Improper Authentication vulnerability
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
Sources: GHSA, OSV
CVE-2023-5227 | P3 | MEDIUM | CWE-434 | affected ≥ 0, < 3.1.18 | 2023-09-30
phpMyFAQ allows unrestricted file types in image field
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
Sources: GHSA, OSV
CVE-2026-34728 | P3 | HIGH | CVSS 8.1 | CWE-22 | fixed in 4.1.1 | 2026-04-02
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_C
Source: NVD
CVE-2024-28105 | P3 | HIGH | CVSS 7.2 | CWE-434 | v3.2.5 | 2024-03-25
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpMyFAQ is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the sy
Source: NVD
CVE-2026-46366 | P3 | HIGH | CVSS 7.5 | CWE-863 | fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including t
Source: NVD
CVE-2026-46359 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database qu
Source: NVD
CVE-2023-0788 | P3 | CRITICAL | CWE-94 | affected ≥ 0, < 3.1.11 | 2023-02-12
Code Injection in thorsten/phpmyfaq
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: GHSA, OSV
CVE-2023-1762 | P3 | HIGH | CWE-269 | affected ≥ 0, < 3.1.12 | 2023-03-31
thorsten/phpmyfaq vulnerable to privilege escalation from improper privilege management
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to privilege escalation from improper privilege management. Any user with the ability to add a new user can create a user with super admin rights. This has been fixed in 3.1.12.
Sources: GHSA, OSV
CVE-2023-2429 | P3 | MEDIUM | CWE-284 | affected ≥ 0, < 3.1.13 | 2023-04-30
phpMyFAQ Improper Access Control vulnerability
phpMyFAQ prior to version 3.1.13 does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the system, including email addresses belonging to other users such as the administrator. Once the attacker has control of the o
Sources: GHSA, OSV
CVE-2023-53929 | P3 | MEDIUM | CWE-1236 | affected ≥ 0, ≤ 3.1.12 | 2025-12-18
phpMyFAQ contains a CSV injection vulnerability
phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.
Sources: GHSA, OSV
CVE-2026-49205 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | affected ≥ 0, < 4.1.4 | 2026-06-23
phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)
Missing Authorization in API CategoryController — CVE-2026-24421 fixed BackupController by adding userHasPermission(PermissionType::BACKUP). The same fix was NOT applied to 4 other write endpoints in the public API. All 4 only call hasValidToken() (shared API key) but never ca
Source: GHSA
CVE-2024-54141 | P3 | HIGH | CVSS 7.5 | CWE-209 | fixed in 4.0.0 | 2024-12-06
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database server's credentials (e.g. for PostgreSQL) when the connection to the database fails. This vulnerability is fixed in 4.0.0.
Sources: GHSA, NVD, OSV
CVE-2026-46362 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system informati
Source: NVD
CVE-2023-0793 | P3 | HIGH | CWE-521 | affected ≥ 0, < 3.1.11 | 2023-02-12
Weak Password Requirements in thorsten/phpmyfaq
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: GHSA, OSV
CVE-2026-24420 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | fixed in 4.0.17 | 2026-01-24
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomplete permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission
Sources: GHSA, NVD, OSV
CVE-2023-1753 | P3 | MEDIUM | CWE-521 | affected ≥ 0, < 3.1.12 | 2023-03-31
phpMyFAQ has weak password requirements
Weak password requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Sources: GHSA, OSV
CVE-2023-0307 | P3 | MEDIUM | CWE-521 | affected ≥ 0, < 3.1.10 | 2023-01-16
phpMyFAQ has Weak Password Requirements
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
Sources: GHSA, OSV
CVE-2024-22208 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 3.2.5 | 2024-02-05
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The
Source: NVD
CVE-2024-22202 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | fixed in 3.2.5 | 2024-02-05
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, but an attacker can uti
Source: NVD