Thorsten Phpmyfaq vulnerabilities
117 known vulnerabilities affecting thorsten/phpmyfaq.
Total CVEs: 117
CISA KEV: 0
Public exploits: 8
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 37, MEDIUM 69, LOW 2
Vulnerabilities
Page 6 of 6
CVE-2023-4007 | P4 | HIGH | ≥ 0, < 3.1.16 | 2023-07-31
CVE-2023-4007 [HIGH] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
ghsa, osv
CVE-2023-5319 | P4 | HIGH | ≥ 0, < 3.1.18 | 2023-09-30
CVE-2023-5319 [HIGH] CWE-79 phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
ghsa, osv
CVE-2026-34729 | P4 | MEDIUM | CVSS 4.8 | fixed in 4.1.1 | 2026-04-02
CVE-2026-34729 [MEDIUM] CWE-79
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1.
nvd
CVE-2024-29179 | P4 | MEDIUM | CVSS 4.8 | v3.2.5 | 2024-03-25
CVE-2024-29179 [MEDIUM] CWE-79
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
nvd
CVE-2023-1754 | P4 | MEDIUM | ≥ 0, < 3.1.12 | 2023-03-31
CVE-2023-1754 [MEDIUM] CWE-20 phpMyFAQ vulnerable to improper input validation
Improper Neutralization of Input During Web Page Generation in phpMyFAQ
ghsa, osv
CVE-2023-2550 | P4 | HIGH | ≥ 0, < 3.1.13 | 2023-05-05
CVE-2023-2550 [HIGH] CWE-79 Cross Site Scripting in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to version 3.1.13.
ghsa, osv
CVE-2023-1887 | P4 | HIGH | ≥ 0, < 3.1.12 | 2023-04-05
CVE-2023-1887 [HIGH] thorsten/phpmyfaq vulnerable to business logic errors
thorsten/phpmyfaq prior to 3.1.12 allows users with edit-only permissions to add and delete categories and add FAQs. This has been fixed in 3.1.12.
ghsa, osv
CVE-2023-0880 | P4 | MEDIUM | ≥ 0, < 3.1.11 | 2023-02-17
CVE-2023-0880 [MEDIUM] CWE-115 Misinterpretation of Input in thorsten/phpmyfaq
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
ghsa, osv
CVE-2023-0786 | P4 | MEDIUM | ≥ 0, < 3.1.11 | 2023-02-12
CVE-2023-0786 [MEDIUM] CWE-79 Cross-site Scripting in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
ghsa, osv
CVE-2023-3469 | P4 | MEDIUM | ≥ 0, < 3.2.0-beta.2 | 2023-06-30
CVE-2023-3469 [MEDIUM] CWE-79 phpMyFAQ Cross-site Scripting
phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.
ghsa, osv
CVE-2023-5864 | P4 | HIGH | ≥ 0, < 3.2.1 | 2023-10-31
CVE-2023-5864 [HIGH] CWE-79 phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
ghsa, osv
CVE-2023-1760 | P4 | MEDIUM | ≥ 0, < 3.1.12 | 2023-03-31
CVE-2023-1760 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
ghsa, osv
CVE-2023-2427 | P4 | MEDIUM | ≥ 0, < 3.1.13 | 2023-05-05
CVE-2023-2427 [MEDIUM] CWE-79 Cross Site Scripting in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to version 3.1.13.
ghsa, osv
CVE-2023-1759 | P4 | MEDIUM | ≥ 0, < 3.1.12 | 2023-03-31
CVE-2023-1759 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
ghsa, osv
CVE-2024-29196 | P4 | LOW | CVSS 2.7 | v= 3.2.5 | 2024-03-26
CVE-2024-29196 [LOW] CWE-22
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
nvd
CVE-2026-48488 | P4 | LOW | CVSS 2.7 | fixed in 4.1.4 | 2026-06-08
CVE-2026-48488 [LOW] CWE-328
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.
ghsa, nvd
CVE-2018-16650 | HIGH | ≥ 0, < 2.9.11 | 2022-05-14
CVE-2018-16650 [HIGH] CWE-352 phpMyFAQ CSRF
phpMyFAQ before 2.9.11 allows CSRF.
ghsa, osv