threat
engine
.sh
Back
·
··:··
Home
/
Product
/
phpmyfaq
Product
phpmyfaq
140 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-34974
< 4.1.1
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.ph
5.4
MEDIUM
CVE-2026-34973
all versions
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Se
5.3
MEDIUM
CVE-2026-34729
< 4.1.1
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Fi
6.1
MEDIUM
CVE-2026-34728
< 4.1.1
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file de
8.7
HIGH
CVE-2026-32629
< 4.1.1
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an
6.1
MEDIUM
CVE-2026-27836
< 4.0.18
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (
/api/webauthn/prepare
) c
7.5
HIGH
CVE-2026-24422
< 4.0.17
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sens
5.3
MEDIUM
CVE-2026-24420
< 4.0.17
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment per
6.5
MEDIUM
CVE-2026-24421
< 4.0.17
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/s
6.5
MEDIUM
CVE-2025-69200
< 4.0.16
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger genera
7.5
HIGH
CVE-2025-68951
>= 4.0.14 and < 4.0.16
phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability
5.4
MEDIUM
CVE-2023-53929
all versions
phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their pro
8.8
HIGH
CVE-2025-62519
< 4.0.14
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main
7.2
HIGH
CVE-2025-59943
all versions
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addre
8.1
HIGH
CVE-2024-56199
>= 3.2.10 and < 4.0.2
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can
5.2
MEDIUM
CVE-2024-55889
< 3.2.10
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where
4.9
MEDIUM
CVE-2024-54141
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ ex
8.6
HIGH
CVE-2024-29196
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal v
3.8
LOW
CVE-2024-29179
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin priv
4.8
MEDIUM
CVE-2024-28108
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validat
4.7
MEDIUM
CVE-2024-28107
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerabil
8.8
HIGH
CVE-2024-28106
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news pa
4.3
MEDIUM
CVE-2024-28105
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload f
7.2
HIGH
CVE-2024-27300
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The
email
field in phpMyF
5.5
MEDIUM
CVE-2024-27299
all versions
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerabili
8.8
HIGH
CVE-2024-24574
< 3.2.5
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in
6.5
MEDIUM
CVE-2024-22208
< 3.2.5
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functiona
6.5
MEDIUM
CVE-2024-22202
< 3.2.5
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal pag
5.7
MEDIUM
CVE-2023-6890
< 3.1.17
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
5.4
MEDIUM
CVE-2023-6889
< 3.1.17
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
5.4
MEDIUM
CVE-2023-5867
< 3.2.2
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
5.4
MEDIUM
CVE-2023-5866
< 3.2.1
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
5.7
MEDIUM
CVE-2023-5865
< 3.2.2
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
9.8
CRITICAL
CVE-2023-5864
< 3.2.1
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
4.8
MEDIUM
CVE-2023-5863
< 3.2.2
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
6.1
MEDIUM
CVE-2023-5320
< 3.1.18
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
6.1
MEDIUM
CVE-2023-5319
< 3.1.18
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
5.4
MEDIUM
CVE-2023-5317
< 3.1.18
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
5.4
MEDIUM
CVE-2023-5316
< 3.1.18
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
6.1
MEDIUM
CVE-2023-5227
< 3.1.8
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
9.8
CRITICAL
CVE-2023-4007
< 3.1.16
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
5.4
MEDIUM
CVE-2023-4006
< 3.1.16
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
9.8
CRITICAL
CVE-2023-3469
<= 3.1.14
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
4.8
MEDIUM
CVE-2023-2999
< 3.1.14
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
6.1
MEDIUM
CVE-2023-2998
< 3.1.14
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
6.1
MEDIUM
CVE-2023-2753
< 3.2.0
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
5.4
MEDIUM
CVE-2023-2752
< 3.2.0
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
5.4
MEDIUM
CVE-2023-2550
< 3.1.13
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
4.8
MEDIUM
CVE-2023-2427
< 3.1.13
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
4.8
MEDIUM
CVE-2023-2429
< 3.1.13
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
9.8
CRITICAL
CVE-2023-2428
< 3.1.13
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
5.4
MEDIUM
CVE-2023-1875
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1887
< 3.1.12
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
4.3
MEDIUM
CVE-2023-1886
< 3.1.12
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
7.3
HIGH
CVE-2023-1885
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
6.3
MEDIUM
CVE-2023-1884
< 3.1.12
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
6.1
MEDIUM
CVE-2023-1883
< 3.1.12
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1882
< 3.1.12
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1880
< 3.1.12
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
6.1
MEDIUM
CVE-2023-1879
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1878
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1758
< 3.1.12
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq pri
5.4
MEDIUM
CVE-2023-1757
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1756
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
4.7
MEDIUM
CVE-2023-1762
< 3.1.12
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
8.8
HIGH
CVE-2023-1761
< 3.1.12
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
6.3
MEDIUM
CVE-2023-1760
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
4.8
MEDIUM
CVE-2023-1759
< 3.1.12
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
4.8
MEDIUM
CVE-2023-1755
< 3.1.12
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.4
MEDIUM
CVE-2023-1754
< 3.1.12
Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
4.7
MEDIUM
CVE-2023-1753
< 3.1.12
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
5.5
MEDIUM
CVE-2023-0880
< 3.1.11
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.3
HIGH
CVE-2023-0794
< 3.1.11
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.3
HIGH
CVE-2023-0793
< 3.1.11
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
7.1
HIGH
CVE-2023-0792
< 3.1.11
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
6.5
MEDIUM
CVE-2023-0791
< 3.1.11
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.3
HIGH
CVE-2023-0790
< 3.1.11
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
7.6
HIGH
CVE-2023-0789
< 3.1.11
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.1
HIGH
CVE-2023-0788
< 3.1.11
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.1
HIGH
CVE-2023-0787
< 3.1.11
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.1
HIGH
CVE-2023-0786
< 3.1.11
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
8.4
HIGH
CVE-2023-0314
< 3.1.10
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
6.1
MEDIUM
CVE-2023-0313
< 3.1.10
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
5.4
MEDIUM
CVE-2023-0312
< 3.1.10
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
6.1
MEDIUM
CVE-2023-0311
< 3.1.10
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
9.8
CRITICAL
CVE-2023-0310
< 3.1.10
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
5.4
MEDIUM
CVE-2023-0309
< 3.1.10
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
5.4
MEDIUM
CVE-2023-0308
< 3.1.10
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
5.4
MEDIUM
CVE-2023-0307
< 3.1.10
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
9.8
CRITICAL
CVE-2023-0306
< 3.1.10
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
5.4
MEDIUM
CVE-2022-4409
< 3.1.9
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
7.5
HIGH
CVE-2022-4408
< 3.1.9
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
5.4
MEDIUM
CVE-2022-4407
< 3.1.9
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
6.1
MEDIUM
CVE-2022-3766
< 3.1.8
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
6.1
MEDIUM
CVE-2022-3765
< 3.1.8
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
5.4
MEDIUM
CVE-2022-3754
< 3.1.8
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
9.8
CRITICAL
CVE-2022-3608
<= 3.1.7
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
8.4
HIGH
CVE-2018-16651
< 2.9.11
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
7.2
HIGH
CVE-2018-16650
< 2.9.11
phpMyFAQ before 2.9.11 allows CSRF.
8.8
HIGH
CVE-2014-6050
< 2.8.13
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
5.3
MEDIUM
CVE-2014-6049
< 2.8.13
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID p
2.7
LOW
CVE-2014-6048
< 2.8.13
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
5.3
MEDIUM
CVE-2014-6047
< 2.8.13
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging inco
5.3
MEDIUM
CVE-2014-6046
< 2.8.13
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authenti
8.8
HIGH
CVE-2014-6045
< 2.8.13
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitr
7.2
HIGH
CVE-2017-15809
<= 2.9.8
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
6.1
MEDIUM
CVE-2017-15808
<= 2.9.8
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
8.8
HIGH
CVE-2017-15735
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
8.8
HIGH
CVE-2017-15734
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
8.8
HIGH
CVE-2017-15733
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
8.8
HIGH
CVE-2017-15732
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
8.8
HIGH
CVE-2017-15731
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
8.8
HIGH
CVE-2017-15730
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
8.8
HIGH
CVE-2017-15729
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
8.8
HIGH
CVE-2017-15728
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
4.8
MEDIUM
CVE-2017-15727
<= 2.9.8
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
5.4
MEDIUM
CVE-2017-14619
<= 2.9.8
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML
6.1
MEDIUM
CVE-2017-14618
<= 2.9.8
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary
4.8
MEDIUM
CVE-2017-11187
<= 2.9.7
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
9.8
CRITICAL
CVE-2017-7579
<= 2.9.6
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
6.1
MEDIUM
CVE-2014-0814
<= 2.8.5
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML v
CVE-2014-0813
<= 2.8.5
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of a
CVE-2010-4821
<= 2.6.8
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML v
CVE-2011-4825
all versions
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before
CVE-2011-3783
all versions
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the ins
CVE-2010-4558
all versions
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modifica
CVE-2009-4780
<= 2.5.4
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitra
CVE-2009-4040
<= 2.0.16
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7
CVE-2007-1032
<= 1.6.9
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the pr
CVE-2006-6913
<= 1.6.7
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified ve
CVE-2006-6912
<= 1.6.7
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecifie
CVE-2005-3734
all versions
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject
CVE-2005-3050
all versions
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals
CVE-2005-3049
all versions
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which all
CVE-2005-3048
all versions
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitr
CVE-2005-3047
all versions
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTM
CVE-2005-3046
all versions
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator
CVE-2005-0702
all versions
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username fi
CVE-2004-2257
all versions
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct r
5.3
MEDIUM
CVE-2004-2255
all versions
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local P
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin