Vulnerabilities related to phpmyfaq - phpmyfaq
CVE-2010-4558 (GCVE-0-2010-4558)
Vulnerability from cvelistv5
Published
2010-12-17 18:00
Modified
2024-09-17 02:11
CWE
- n/a
Summary
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45442", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45442" }, { "name": "ADV-2010-3254", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "name": "42622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42622" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-12-17T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45442", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45442" }, { "name": "ADV-2010-3254", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "name": "42622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42622" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45442" }, { "name": "ADV-2010-3254", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "name": "42622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42622" }, { "name": "http://www.phpmyfaq.de/advisory_2010-12-15.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4558", "datePublished": "2010-12-17T18:00:00Z", "dateReserved": "2010-12-17T00:00:00Z", "dateUpdated": "2024-09-17T02:11:36.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15733 (GCVE-0-2017-15733)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-17 02:56
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15733", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-17T02:56:40.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4825 (GCVE-0-2011-4825)
Vulnerability from cvelistv5
Published
2011-12-15 02:00
Modified
2024-09-17 00:46
CWE
- n/a
Summary
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "name": "50523", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50523" }, { "name": "18075", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-12-15T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "name": "50523", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50523" }, { "name": "18075", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zenphoto.org/trac/ticket/2005", "refsource": "CONFIRM", "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "name": "http://www.phpmyfaq.de/advisory_2011-10-25.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "name": "http://www.phpletter.com/en/DOWNLOAD/1/", "refsource": "CONFIRM", "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "name": "50523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50523" }, { "name": "18075", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18075" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4825", "datePublished": "2011-12-15T02:00:00Z", "dateReserved": "2011-12-14T00:00:00Z", "dateUpdated": "2024-09-17T00:46:26.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3754 (GCVE-0-2022-3754)
Vulnerability from cvelistv5
Published
2022-10-29 00:00
Modified
2025-05-08 19:13
CWE
- CWE-521 - Weak Password Requirements
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3754", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T19:12:28.495192Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:13:47.991Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-29T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" } ], "source": { "advisory": "f4711d7f-1368-48ab-9bef-45f32e356c47", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3754", "datePublished": "2022-10-29T00:00:00.000Z", "dateReserved": "2022-10-29T00:00:00.000Z", "dateUpdated": "2025-05-08T19:13:47.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0813 (GCVE-0-2014-0813)
Vulnerability from cvelistv5
Published
2014-02-14 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#50943964", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "name": "102939", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102939" }, { "name": "JVNDB-2014-000016", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56006" }, { "name": "phpmyfaq-cve20140813-csrf(90963)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#50943964", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "name": "102939", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102939" }, { "name": "JVNDB-2014-000016", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56006" }, { "name": "phpmyfaq-cve20140813-csrf(90963)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#50943964", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "name": "102939", "refsource": "OSVDB", "url": "http://osvdb.org/102939" }, { "name": "JVNDB-2014-000016", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "name": "65368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65368" }, { "name": "http://www.phpmyfaq.de/advisory_2014-02-04.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56006" }, { "name": "phpmyfaq-cve20140813-csrf(90963)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0813", "datePublished": "2014-02-14T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1760 (GCVE-0-2023-1760)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:45
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1760", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:44:48.135653Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:45:03.435Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" } ], "source": { "advisory": "2d0ac48a-490d-4548-8d98-7447042dd1b5", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1760", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:45:03.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3047 (GCVE-0-2005-3047)
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities 
in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3047", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1759 (GCVE-0-2023-1759)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1759", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:45:28.099687Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:45:36.906Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" } ], "source": { "advisory": "e8109aed-d364-4c0c-9545-4de0347b10e1", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1759", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:45:36.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-55889 (GCVE-0-2024-55889)
Vulnerability from cvelistv5
Published
2024-12-13 13:44
Modified
2024-12-13 20:42
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Summary
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55889", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T20:42:00.544690Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T20:42:24.897Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.10" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim\u0027s machine upon page visit by embedding it in an \u003ciframe\u003e element without user interaction or explicit consent. Version 3.2.10 fixes the issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T13:44:57.630Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d" } ], "source": { "advisory": "GHSA-m3r7-8gw7-qwvc", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55889", "datePublished": "2024-12-13T13:44:57.630Z", "dateReserved": "2024-12-12T15:00:38.902Z", "dateUpdated": "2024-12-13T20:42:24.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4408 (GCVE-0-2022-4408)
Vulnerability from cvelistv5
Published
2022-12-11 00:00
Modified
2025-04-14 17:59
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4408", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T14:44:13.255649Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-14T17:59:00.454Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-11T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" } ], "source": { "advisory": "2ec4ddd4-de22-4f2d-ba92-3382b452bfea", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4408", "datePublished": "2022-12-11T00:00:00.000Z", "dateReserved": "2022-12-11T00:00:00.000Z", "dateUpdated": "2025-04-14T17:59:00.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5316 (GCVE-0-2023-5316)
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:06
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5316", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:05:40.994713Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:06:16.877Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:17.191Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" } ], "source": { "advisory": "f877e65a-e647-457b-b105-7e5c9f58fb43", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5316", "datePublished": "2023-09-30T00:00:17.191Z", "dateReserved": "2023-09-30T00:00:06.478Z", "dateUpdated": "2024-09-23T16:06:16.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4407 (GCVE-0-2022-4407)
Vulnerability from cvelistv5
Published
2022-12-11 00:00
Modified
2025-04-14 17:58
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4407", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T14:44:37.548654Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-14T17:58:47.086Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-11T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" } ], "source": { "advisory": "a1649f43-78c9-4927-b313-36911872a84b", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4407", "datePublished": "2022-12-11T00:00:00.000Z", "dateReserved": "2022-12-11T00:00:00.000Z", "dateUpdated": "2025-04-14T17:58:47.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0786 (GCVE-0-2023-0786)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-24 17:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0786", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-24T17:47:29.506848Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-24T17:47:39.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": 
"CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:08:57.673Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" } ], "source": { "advisory": "8c74ccab-0d1d-4c6b-a0fa-803aa65de04f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0786", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-24T17:47:39.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15730 (GCVE-0-2017-15730)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-08-05 20:04
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "name": "43064", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43064/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "name": "43064", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43064/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "name": "43064", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43064/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15730", "datePublished": "2017-10-21T22:00:00", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-08-05T20:04:49.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-16651 (GCVE-0-2018-16651)
Vulnerability from cvelistv5
Published
2018-09-07 05:00
Modified
2024-08-05 10:32
CWE
- n/a
Summary
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:53.774Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-07T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.phpmyfaq.de/security/advisory-2018-09-02", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16651", "datePublished": "2018-09-07T05:00:00", "dateReserved": "2018-09-06T00:00:00", "dateUpdated": "2024-08-05T10:32:53.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0790 (GCVE-0-2023-0790)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:49
CWE
- CWE-248 - Uncaught Exception
Summary
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0790", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:49:20.554827Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:49:30.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eUncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:07:53.604Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" } ], "source": { "advisory": "06af150b-b481-4248-9a48-56ded2814156", "discovery": "EXTERNAL" }, "title": "Uncaught Exception in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0790", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:49:30.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5320 (GCVE-0-2023-5320)
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:16
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5320", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:16:32.305933Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:16:39.696Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:42.559Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" } ], "source": { "advisory": "3a2bc18b-5932-4fb5-a01e-24b2b0443b67", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5320", "datePublished": "2023-09-30T00:00:42.559Z", "dateReserved": "2023-09-30T00:00:37.900Z", "dateUpdated": "2024-09-23T16:16:39.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1886 (GCVE-0-2023-1886)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:47
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Summary
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1886", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:47:06.330454Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:47:10.916Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:11:46.085Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" } ], "source": { "advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", "discovery": "EXTERNAL" }, "title": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1886", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:47:10.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4409 (GCVE-0-2022-4409)
Vulnerability from cvelistv5
Published
2022-12-11 00:00
Modified
2025-04-14 17:59
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4409", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T14:43:47.871034Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-14T17:59:13.236Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-614", "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-11T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" } ], "source": { "advisory": "5915ed4c-5fe2-42e7-8fac-5dd0d032727c", "discovery": "EXTERNAL" }, "title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-4409", "datePublished": "2022-12-11T00:00:00.000Z", "dateReserved": "2022-12-11T00:00:00.000Z", "dateUpdated": "2025-04-14T17:59:13.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3766 (GCVE-0-2022-3766)
Vulnerability from cvelistv5
Published
2022-10-31 00:00
Modified
2025-05-05 14:09
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3766", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-05T14:09:19.009611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-05T14:09:37.644Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" } ], "source": { "advisory": "d9666520-4ff5-43bb-aacf-50c8e5570983", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3766", "datePublished": "2022-10-31T00:00:00.000Z", "dateReserved": "2022-10-31T00:00:00.000Z", "dateUpdated": "2025-05-05T14:09:37.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0311 (GCVE-0-2023-0311)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:19
CWE
- CWE-287 - Improper Authentication
Summary
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0311", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:18:50.994023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:19:22.209Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" } ], "source": { "advisory": "82b0b629-c56b-4651-af3f-17f749751857", "discovery": "EXTERNAL" }, "title": "Improper Authentication in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0311", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:19:22.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28107 (GCVE-0-2024-28107)
Vulnerability from cvelistv5
Published
2024-03-25 18:47
Modified
2025-04-10 18:30
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.25" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28107", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-26T19:30:27.977635Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T18:30:21.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` \u0026 `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. 
This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:47:12.328Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" } ], "source": { "advisory": "GHSA-2grw-mc9r-822r", "discovery": "UNKNOWN" }, "title": "phpMyFAQ SQL injections at insertentry \u0026 saveentry" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28107", "datePublished": "2024-03-25T18:47:12.328Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2025-04-10T18:30:21.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5864 (GCVE-0-2023-5864)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-17 13:55
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5864", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T13:54:56.451025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:55:06.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:19.789Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" } ], "source": { "advisory": "e4b0e8f4-5e06-49d1-832f-5756573623ad", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5864", "datePublished": "2023-10-31T00:00:19.789Z", "dateReserved": "2023-10-31T00:00:07.416Z", "dateUpdated": "2024-09-17T13:55:06.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1754 (GCVE-0-2023-1754)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 19:01
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1754", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T19:01:19.152276Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T19:01:25.386Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" } ], "source": { "advisory": "529f2361-eb2e-476f-b7ef-4e561a712e28", "discovery": "EXTERNAL" }, "title": "Improper Neutralization of Input During Web Page Generation in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1754", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T19:01:25.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15728 (GCVE-0-2017-15728)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 22:36
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15728", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T22:36:00.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1883 (GCVE-0-2023-1883)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:49
CWE
- CWE-284 - Improper Access Control
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1883", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:49:04.037939Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:49:15.168Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" } ], "source": { "advisory": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191", "discovery": "EXTERNAL" }, "title": "Improper Access Control in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1883", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:49:15.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5863 (GCVE-0-2023-5863)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 17:50
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5863", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T17:50:00.906566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T17:50:14.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:19.197Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" } ], "source": { "advisory": "fbfd4e84-61fb-4063-8f11-15877b8c1f6f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5863", "datePublished": "2023-10-31T00:00:19.197Z", "dateReserved": "2023-10-31T00:00:06.770Z", "dateUpdated": "2024-09-05T17:50:14.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4780 (GCVE-0-2009-4780)
Vulnerability from cvelistv5
Published
2010-04-21 14:00
Modified
2024-09-16 19:45
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:25.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37180", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37180" }, { "name": "37520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37520" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-21T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37180", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37180" }, { "name": "37520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37520" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37180", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37180" }, { "name": "37520", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37520" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4780", "datePublished": "2010-04-21T14:00:00Z", "dateReserved": "2010-04-21T00:00:00Z", "dateUpdated": "2024-09-16T19:45:51.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15735 (GCVE-0-2017-15735)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-17 01:46
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:50.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15735", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-17T01:46:14.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0793 (GCVE-0-2023-0793)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:46
CWE
- CWE-521 - Weak Password Requirements
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0793", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:46:24.808755Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:46:31.971Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eWeak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:06:58.466Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" } ], "source": { "advisory": "b3881a1f-2f1e-45cb-86f3-735f66e660e9", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0793", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:46:31.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1032 (GCVE-0-2007-1032)
Vulnerability from cvelistv5
Published
2007-02-21 11:00
Modified
2024-08-07 12:43
CWE
- n/a
Summary
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpmyfaq-php-file-upload(32573)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "name": "32603", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32603" }, { "name": "24230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to \"gain the privilege for uploading files on the server.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpmyfaq-php-file-upload(32573)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "name": "32603", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32603" }, { "name": "24230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1032", "STATE": "PUBLIC" 
}, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to \"gain the privilege for uploading files on the server.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpmyfaq-php-file-upload(32573)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "name": "http://www.phpmyfaq.de/advisory_2007-02-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "name": "32603", "refsource": "OSVDB", "url": "http://osvdb.org/32603" }, { "name": "24230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24230" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1032", "datePublished": "2007-02-21T11:00:00", "dateReserved": "2007-02-20T00:00:00", "dateUpdated": "2024-08-07T12:43:22.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3608 (GCVE-0-2022-3608)
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2025-05-08 19:14
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.0-alpha |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3608", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T19:13:51.887843Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:14:06.975Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-alpha", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-19T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" } ], "source": { "advisory": "8f0f3635-9d81-4c55-9826-2ba955c3a850", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3608", "datePublished": "2022-10-19T00:00:00.000Z", "dateReserved": "2022-10-19T00:00:00.000Z", "dateUpdated": "2025-05-08T19:14:06.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0308 (GCVE-0-2023-0308)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:23
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:54.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0308", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:23:14.194987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:23:38.365Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" } ], "source": { "advisory": "83cfed62-af8b-4aaa-94f2-5a33dc0c2d69", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0308", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:23:38.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0310 (GCVE-0-2023-0310)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:21
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0310", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:20:16.471974Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:21:09.671Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" } ], "source": { "advisory": "051d5e20-7fab-4769-bd7d-d986b804bb5a", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0310", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:21:09.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0814 (GCVE-0-2014-0814)
Vulnerability from cvelistv5
Published
2014-02-14 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2014-000015", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56006" }, { "name": "JVN#30050348", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "name": "102940", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-18T17:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2014-000015", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56006" }, { "name": "JVN#30050348", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "name": "102940", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102940" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2014-000015", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "name": "65368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65368" }, { "name": "http://www.phpmyfaq.de/advisory_2014-02-04.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56006" }, { "name": "JVN#30050348", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "name": "102940", "refsource": "OSVDB", "url": "http://osvdb.org/102940" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0814", "datePublished": "2014-02-14T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15734 (GCVE-0-2017-15734)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 19:21
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15734", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T19:21:09.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1885 (GCVE-0-2023-1885)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1885", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:47:30.471251Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:47:34.586Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:20:28.599Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" } ], "source": { "advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1885", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:47:34.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15732 (GCVE-0-2017-15732)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-17 02:57
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15732", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-17T02:57:40.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1878 (GCVE-0-2023-1878)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:40
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1878", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:40:29.203819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:40:33.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" } ], "source": { "advisory": "93f981a3-231d-460d-a239-bb960e8c2fdc", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1878", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T20:40:33.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28108 (GCVE-0-2024-28108)
Vulnerability from cvelistv5
Published
2024-03-25 18:52
Modified
2024-08-02 00:48
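CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)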
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation of the `contentLink` parameter, unauthenticated users can inject HTML code into the page, which might affect other users. Exploitation also requires that guests are allowed to add new FAQs and that the admin doesn't check the content of a newly added FAQ. This vulnerability is fixed in 3.2.6.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "3.2.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28108", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T18:41:12.256056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T18:50:13.531Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:48.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. 
_Also, requires that adding new FAQs is allowed for guests and that the admin doesn\u0027t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:52:19.325Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" } ], "source": { "advisory": "GHSA-48vw-jpf8-hwqh", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored HTML Injection at contentLink" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28108", "datePublished": "2024-03-25T18:52:19.325Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-02T00:48:48.813Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-7579 (GCVE-0-2017-7579)
Vulnerability from cvelistv5
Published
2017-04-07 16:00
Modified
2024-08-05 16:04
CWE
- n/a
Summary
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:12.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7579", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/security/advisory-2017-04-02", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7579", "datePublished": "2017-04-07T16:00:00", "dateReserved": "2017-04-07T00:00:00", "dateUpdated": "2024-08-05T16:04:12.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2550 (GCVE-0-2023-2550)
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-02-12 16:30
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.13
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.767Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2550", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T17:14:20.097724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T16:30:39.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" } ], "source": { "advisory": "840c8d91-c97e-4116-a9f8-4ab1a38d239b", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2550", "datePublished": "2023-05-05T00:00:00.000Z", "dateReserved": "2023-05-05T00:00:00.000Z", "dateUpdated": "2025-02-12T16:30:39.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1887 (GCVE-0-2023-1887)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:46
CWE
- CWE-840 - Business Logic Errors
Summary
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1887", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:46:37.018056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:46:42.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "CWE-840 Business Logic Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" } ], "source": { "advisory": "e4a58835-96b5-412c-a17e-3ceed30231e1", "discovery": "EXTERNAL" }, "title": "Business Logic Errors in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1887", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:46:42.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0702 (GCVE-0-2005-0702)
Vulnerability from cvelistv5
Published
2005-03-09 05:00
Modified
2024-08-07 21:21
CWE
- n/a
Summary
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14516" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-15T16:39:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14516" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14516" }, { "name": "http://www.phpmyfaq.de/advisory_2005-03-06.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0702", "datePublished": "2005-03-09T05:00:00", "dateReserved": "2005-03-09T00:00:00", "dateUpdated": "2024-08-07T21:21:06.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0312 (GCVE-0-2023-0312)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:17
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0312", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:16:33.654487Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:17:04.130Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" } ], "source": { "advisory": "f50ec8d1-cd60-4c2d-9ab8-3711870d83b9", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0312", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:17:04.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1755 (GCVE-0-2023-1755)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:59
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:24.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1755", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:59:13.887819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:59:18.867Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" } ], "source": { "advisory": "882ffa07-5397-4dbb-886f-4626859d711a", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1755", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:59:18.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1762 (GCVE-0-2023-1762)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-12 16:00
CWE
- CWE-269 - Improper Privilege Management
Summary
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1762", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-12T16:00:40.018945Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T16:00:48.751Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" } ], "source": { "advisory": "3c2374cc-7082-44b7-a6a6-ccff7a650a3a", "discovery": "EXTERNAL" }, "title": "Improper Privilege Management in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1762", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-12T16:00:48.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-3469 (GCVE-0-2023-3469)
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-11-12 15:05
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.0-beta.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.2.0-beta.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-3469", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T15:03:49.185250Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T15:05:06.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-beta.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-30T00:00:19.692Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" } ], "source": { "advisory": "3565cfc9-82c4-4db8-9b8f-494dd81b56ca", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-3469", "datePublished": "2023-06-30T00:00:19.692Z", "dateReserved": "2023-06-30T00:00:06.251Z", "dateUpdated": "2024-11-12T15:05:06.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5319 (GCVE-0-2023-5319)
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:08
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.18
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5319", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:08:29.586177Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:08:54.276Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:16.272Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" } ], "source": { "advisory": "e2542cbe-41ab-4a90-b6a4-191884c1834d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5319", "datePublished": "2023-09-30T00:00:16.272Z", "dateReserved": "2023-09-30T00:00:06.956Z", "dateUpdated": "2024-09-23T16:08:54.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1753 (GCVE-0-2023-1753)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 19:01
CWE
- CWE-521 - Weak Password Requirements
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1753", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T19:01:53.891490Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T19:01:59.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eWeak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:12:10.222Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" } ], "source": { "advisory": "01d6ae23-3a8f-42a8-99f4-10246187d71b", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1753", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T19:01:59.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-4007 (GCVE-0-2023-4007)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-11 19:13
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.16
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-4007", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T18:40:36.329137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T19:13:31.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:43.190Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" } ], "source": { "advisory": "e891dcbc-2092-49d3-9518-23e37187a5ea", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-4007", "datePublished": "2023-07-31T00:00:43.190Z", "dateReserved": "2023-07-31T00:00:37.694Z", "dateUpdated": "2024-10-11T19:13:31.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0794 (GCVE-0-2023-0794)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0794", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:47:10.013240Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:47:13.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, 
"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:29:28.207Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" } ], "source": { "advisory": "949975f1-271d-46aa-85e5-1a013cdb5efb", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0794", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:47:13.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0789 (GCVE-0-2023-0789)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:50
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0789", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:50:05.715356Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:50:23.032Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCommand Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:08:16.153Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" } ], "source": { "advisory": "d9375178-2f23-4f5d-88bd-bba3d6ba7cc5", "discovery": "EXTERNAL" }, "title": "Command Injection in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0789", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:50:23.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6048 (GCVE-0-2014-6048)
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6048", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4821 (GCVE-0-2010-4821)
Vulnerability from cvelistv5
Published
2012-10-22 23:00
Modified
2024-08-07 04:02
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:02:30.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "name": "phpmyfaq-unspecified-xss(62092)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "name": "41625", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41625" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "name": "20110928 Fwd: 2.6.6 \u003c= phpMyFAQ \u003c= 2.6.8 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "name": "68268", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/68268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "name": "phpmyfaq-unspecified-xss(62092)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "name": "41625", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41625" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "name": "20110928 Fwd: 2.6.6 \u003c= phpMyFAQ \u003c= 2.6.8 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "name": "68268", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/68268" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or 
HTML via the PATH_INFO to index.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt", "refsource": "MISC", "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "name": "phpmyfaq-unspecified-xss(62092)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "name": "41625", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41625" }, { "name": "http://www.phpmyfaq.de/advisory_2010-09-28.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "name": "20110928 Fwd: 2.6.6 \u003c= phpMyFAQ \u003c= 2.6.8 XSS", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "name": "68268", "refsource": "OSVDB", "url": "http://www.osvdb.org/68268" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4821", "datePublished": "2012-10-22T23:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-07T04:02:30.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6045 (GCVE-0-2014-6045)
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6045", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-11187 (GCVE-0-2017-11187)
Vulnerability from cvelistv5
Published
2017-07-12 14:00
Modified
2024-09-17 03:39
CWE
- n/a
Summary
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:57:58.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-12T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/security/advisory-2017-07-12", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11187", "datePublished": "2017-07-12T14:00:00Z", "dateReserved": "2017-07-12T00:00:00Z", "dateUpdated": "2024-09-17T03:39:05.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2427 (GCVE-0-2023-2427)
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-01-29 17:53
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:15.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2427", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T17:53:09.198182Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-29T17:53:14.630Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" } ], "source": { "advisory": "89005a6d-d019-4cb7-ae88-486d2d44190d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2427", "datePublished": "2023-05-05T00:00:00.000Z", "dateReserved": "2023-04-30T00:00:00.000Z", "dateUpdated": "2025-01-29T17:53:14.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22208 (GCVE-0-2024-22208)
Vulnerability from cvelistv5
Published
2024-02-05 20:44
Modified
2025-05-15 19:47
CWE
- CWE-863 - Incorrect Authorization
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The application has a feature that lets anyone share a FAQ item with others. The front end of this feature allows any phpMyFAQ article to be shared with 5 email addresses, and any unauthenticated actor can perform this action. There is a CAPTCHA in place; however, the backend does not limit the number of recipients of a single request to 5. An attacker can thus solve a single CAPTCHA and send thousands of emails at once, using the target application's email server to send phishing messages. This can get the server put on a blacklist, causing all of its emails to end up in spam, and can also lead to reputational damage. This issue has been patched in version 3.2.5.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:35.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-22208", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T18:36:54.171763Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-15T19:47:15.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The \u0027sharing FAQ\u0027 functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. 
An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application\u0027s email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T20:44:23.236Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" } ], "source": { "advisory": "GHSA-9hhf-xmcw-r3xg", "discovery": "UNKNOWN" }, "title": "phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22208", "datePublished": "2024-02-05T20:44:23.236Z", "dateReserved": "2024-01-08T04:59:27.373Z", "dateUpdated": "2025-05-15T19:47:15.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28105 (GCVE-0-2024-28105)
Vulnerability from cvelistv5
Published
2024-03-25 18:35
Modified
2024-08-13 14:20
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:48.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "3.2.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28105", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T19:39:05.423520Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T14:20:12.592Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:35:05.202Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" } ], "source": { "advisory": "GHSA-pwh2-fpfr-x5gf", "discovery": "UNKNOWN" }, "title": "phpMyFAQ\u0027s File Upload Bypass at Category Image Leads to RCE" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28105", "datePublished": "2024-03-25T18:35:05.202Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-13T14:20:12.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6913 (GCVE-0-2006-6913)
Vulnerability from cvelistv5
Published
2007-01-09 18:00
Modified
2024-08-07 20:42
CWE
- n/a
Summary
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21945" }, { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0077" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-01-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21945" }, { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0077" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21945" }, { "name": "23651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23651" }, { "name": "http://www.phpmyfaq.de/advisory_2006-12-15.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0077" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6913", "datePublished": "2007-01-09T18:00:00", "dateReserved": "2007-01-09T00:00:00", "dateUpdated": "2024-08-07T20:42:07.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0309 (GCVE-0-2023-0309)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:22
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:54.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0309", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:22:09.953142Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:22:24.721Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" } ], "source": { "advisory": "c03c5925-43ff-450d-9827-2b65a3307ed6", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0309", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:22:24.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2256 (GCVE-0-2004-2256)
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
CWE
- n/a
Summary
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/363636" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11640" }, { "name": "phpmyfaq-lang-directory-traversal(16223)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "name": "10377", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10377" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/363636" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11640" }, { "name": "phpmyfaq-lang-directory-traversal(16223)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "name": "10377", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10377" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/advisory_2004-05-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "1010190", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/363636" }, { "name": "11640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11640" }, { "name": "phpmyfaq-lang-directory-traversal(16223)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "name": "10377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10377" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2256", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2024-08-08T01:22:13.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-54141 (GCVE-0-2024-54141)
Vulnerability from cvelistv5
Published
2024-12-06 15:00
Modified
2024-12-06 17:12
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database server's credentials (i.e. PostgreSQL) when the connection to the database fails. This vulnerability is fixed in 4.0.0.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "4.0.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-54141", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-06T17:10:25.373659Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-06T17:12:03.413Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 4.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server\u0027s credential when connection to DB fails. This vulnerability is fixed in 4.0.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T15:00:16.407Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe" } ], "source": { "advisory": "GHSA-vrjr-p3xp-xx2x", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-54141", "datePublished": "2024-12-06T15:00:16.407Z", "dateReserved": "2024-11-29T18:02:16.755Z", "dateUpdated": "2024-12-06T17:12:03.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15731 (GCVE-0-2017-15731)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 19:00
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15731", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T19:00:35.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1879 (GCVE-0-2023-1879)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:39
Severity
4.7 Medium (CNA, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1879", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:39:54.596656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:39:58.404Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" } ], "source": { "advisory": "1dc7f818-c8ea-4f80-b000-31b48a426334", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1879", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T20:39:58.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6046 (GCVE-0-2014-6046)
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6046", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0307 (GCVE-0-2023-0307)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:25
Severity
5.7 Medium (CNA, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
CWE
- CWE-521 - Weak Password Requirements
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0307", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:25:12.226600Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:25:30.956Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" } ], "source": { "advisory": "fac01e9f-e3e5-4985-94ad-59a76485f215", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0307", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:25:30.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1884 (GCVE-0-2023-1884)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:48
Severity
4.7 Medium (CNA, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1884", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:48:00.568439Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:48:05.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" } ], "source": { "advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1884", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:48:05.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3765 (GCVE-0-2022-3765)
Vulnerability from cvelistv5
Published
2022-10-31 00:00
Modified
2025-05-02 18:01
Severity
8.2 High (CNA, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3765", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-02T18:01:23.414807Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-02T18:01:34.947Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" } ], "source": { "advisory": "613143a1-8e51-449a-b214-12458308835d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3765", "datePublished": "2022-10-31T00:00:00.000Z", "dateReserved": "2022-10-31T00:00:00.000Z", "dateUpdated": "2025-05-02T18:01:34.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0788 (GCVE-0-2023-0788)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:51
Severity
8.1 High (CNA, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0788", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:51:00.933070Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:51:06.746Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCode Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:08:38.239Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" } ], "source": { "advisory": "808d5452-607c-4af1-812f-26c49faf3e61", "discovery": "EXTERNAL" }, "title": " Code Injection in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0788", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:51:06.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1875 (GCVE-0-2023-1875)
Vulnerability from cvelistv5
Published
2023-04-22 00:00
Modified
2025-02-04 19:36
Severity
5.4 Medium (CNA, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1875", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T19:36:40.753153Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T19:36:45.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:12:33.630Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" } ], "source": { "advisory": "39715aaf-e798-4c60-97c4-45f4f2cd5c61", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1875", "datePublished": "2023-04-22T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-04T19:36:45.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2428 (GCVE-0-2023-2428)
Vulnerability from cvelistv5
Published
2023-04-30 00:00
Modified
2025-01-30 16:58
Severity
6.1 Medium (CNA, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.13
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:15.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2428", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T16:58:27.839199Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T16:58:31.104Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-30T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" } ], "source": { "advisory": "cee65b6d-b003-4e6a-9d14-89aa94bee43e", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2428", "datePublished": "2023-04-30T00:00:00.000Z", "dateReserved": "2023-04-30T00:00:00.000Z", "dateUpdated": "2025-01-30T16:58:31.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3050 (GCVE-0-2005-3050)
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which 
reveals the path in an error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3050", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-4006 (GCVE-0-2023-4006)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-11 19:41
Severity
8.8 High (CNA, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.16
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-4006", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T19:40:23.540532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T19:41:41.559Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:20.202Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" } ], "source": { "advisory": "36149a42-cbd5-445e-a371-e351c899b189", "discovery": "EXTERNAL" }, "title": "Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-4006", "datePublished": "2023-07-31T00:00:20.202Z", "dateReserved": "2023-07-31T00:00:06.865Z", "dateUpdated": "2024-10-11T19:41:41.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24574 (GCVE-0-2024-24574)
Vulnerability from cvelistv5
Published
2024-02-05 20:57
Modified
2025-06-17 14:01
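Severity
6.5 MEDIUM (CVSS 3.1, CNA-assigned): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CISA ADP SSVC: Exploitation poc; Automatable no; Technical Impact partial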
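CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)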
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:19:52.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "name": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-24574", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-07T16:38:54.328013Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T14:01:12.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T20:57:13.115Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "name": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" } ], "source": { "advisory": "GHSA-7m8g-fprr-47fx", "discovery": "UNKNOWN" }, "title": "phpMyFAQ vulnerable to stored XSS on attachments filename" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24574", "datePublished": "2024-02-05T20:57:13.115Z", "dateReserved": "2024-01-25T15:09:40.211Z", "dateUpdated": "2025-06-17T14:01:12.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2017-15809 (GCVE-0-2017-15809)
Vulnerability from cvelistv5
Published
2017-10-23 17:00
Modified
2024-09-17 04:15
CWE
- n/a
Summary
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:50.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-23T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15809", "datePublished": "2017-10-23T17:00:00Z", "dateReserved": "2017-10-23T00:00:00Z", "dateUpdated": "2024-09-17T04:15:09.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3049 (GCVE-0-2005-3049)
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16933" }, { "name": "14930", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14930" }, { "name": "19670", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19670" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "name": "phpmyfaq-log-user-information-disclosure(22405)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "name": "1014968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16933" }, { "name": "14930", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14930" }, { "name": "19670", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19670" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "name": "phpmyfaq-log-user-information-disclosure(22405)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "name": "1014968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16933" }, { "name": "14930", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14930" }, { "name": "19670", "refsource": "OSVDB", "url": "http://www.osvdb.org/19670" }, { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "name": "phpmyfaq-log-user-information-disclosure(22405)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "name": "1014968", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014968" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3049", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0792 (GCVE-0-2023-0792)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:47
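Severity
6.5 MEDIUM (CVSS 3.1, CNA-assigned): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA ADP SSVC: Exploitation poc; Automatable yes; Technical Impact partial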
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0792", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:47:46.736751Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:47:54.784Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCode Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:07:27.626Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" } ], "source": { "advisory": "9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f", "discovery": "EXTERNAL" }, "title": " Code Injection in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0792", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:47:54.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3734 (GCVE-0-2005-3734)
Vulnerability from cvelistv5
Published
2005-11-22 00:00
Modified
2024-08-07 23:24
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17649", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17649" }, { "name": "196", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "name": "20989", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20989" }, { "name": "15504", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15504" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "name": "ADV-2005-2505", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17649", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17649" }, { "name": "196", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "name": "20989", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20989" }, { "name": "15504", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15504" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "name": "ADV-2005-2505", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17649", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17649" }, { "name": "196", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/196" }, { "name": "http://www.phpmyfaq.de/advisory_2005-11-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "name": "20989", "refsource": "OSVDB", "url": "http://www.osvdb.org/20989" }, { "name": "15504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15504" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "name": "ADV-2005-2505", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3734", "datePublished": "2005-11-22T00:00:00", "dateReserved": "2005-11-21T00:00:00", "dateUpdated": "2024-08-07T23:24:36.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2429 (GCVE-0-2023-2429)
Vulnerability from cvelistv5
Published
2023-04-30 00:00
Modified
2025-01-30 16:57
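Severity
6.6 MEDIUM (CVSS 3.0, CNA-assigned): CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CISA ADP SSVC: Exploitation poc; Automatable no; Technical Impact partial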
CWE
- CWE-284 - Improper Access Control
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.13
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:15.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2429", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T16:57:44.620937Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T16:57:49.760Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-30T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" } ], "source": { "advisory": "20d3a0b3-2693-4bf1-b196-10741201a540", "discovery": "EXTERNAL" }, "title": "Improper Access Control in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2429", "datePublished": "2023-04-30T00:00:00.000Z", "dateReserved": "2023-04-30T00:00:00.000Z", "dateUpdated": "2025-01-30T16:57:49.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0306 (GCVE-0-2023-0306)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 17:46
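Severity
9.1 CRITICAL (CVSS 3.0, CNA-assigned): CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA ADP SSVC: Exploitation poc; Automatable no; Technical Impact total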
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0306", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T17:46:25.124184Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T17:46:37.325Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" } ], "source": { "advisory": "cbba22f0-89ed-4d01-81ea-744979c8cbde", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0306", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T17:46:37.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6050 (GCVE-0-2014-6050)
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6050", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0314 (GCVE-0-2023-0314)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:14
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0314", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:14:16.989614Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:14:52.719Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" } ], "source": { "advisory": "eac0a9d7-9721-4191-bef3-d43b0df59c67", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0314", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:14:52.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2753 (GCVE-0-2023-2753)
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2025-01-22 18:09
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.0-beta |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2753", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:09:09.941988Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:09:14.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-beta", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" } ], "source": { "advisory": "eca2284d-e81a-4ab8-91bb-7afeca557628", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2753", "datePublished": "2023-05-17T00:00:00.000Z", "dateReserved": "2023-05-17T00:00:00.000Z", "dateUpdated": "2025-01-22T18:09:14.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0787 (GCVE-0-2023-0787)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-24 17:46
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0787", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-24T17:46:47.098272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-24T17:46:55.107Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:21:00.832Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" } ], "source": { "advisory": "87397c71-7b84-4617-a66e-fa6c73be9024", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0787", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-24T17:46:55.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0791 (GCVE-0-2023-0791)
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2025-03-21 18:48
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0791", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T18:48:30.309508Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T18:48:35.950Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, 
"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:21:32.616Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" } ], "source": { "advisory": "7152b340-c6f3-4ac8-9f62-f764a267488d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0791", "datePublished": "2023-02-12T00:00:00.000Z", "dateReserved": "2023-02-12T00:00:00.000Z", "dateUpdated": "2025-03-21T18:48:35.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-56199 (GCVE-0-2024-56199)
Vulnerability from cvelistv5
Published
2025-01-02 17:27
Modified
2025-01-02 17:42
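CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)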
Summary
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-56199", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-02T17:41:18.338884Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-02T17:42:19.122Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003e= 3.2.10, \u003c 4.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page\u0027s user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-02T17:27:08.690Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp" } ], "source": { "advisory": "GHSA-ww33-jppq-qfrp", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Vulnerable to Stored HTML Injection at FAQ" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-56199", "datePublished": "2025-01-02T17:27:08.690Z", "dateReserved": "2024-12-18T18:29:25.896Z", "dateUpdated": "2025-01-02T17:42:19.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4040 (GCVE-0-2009-4040)
Vulnerability from cvelistv5
Published
2009-11-20 19:00
Modified
2024-09-16 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:51.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3241", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "name": "37354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37354" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-11-20T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-3241", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "name": "37354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37354" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-3241", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "name": "37354", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37354" }, { "name": "http://www.phpmyfaq.de/advisory_2009-09-01.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4040", "datePublished": "2009-11-20T19:00:00Z", "dateReserved": "2009-11-20T00:00:00Z", "dateUpdated": "2024-09-16T16:23:01.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0313 (GCVE-0-2023-0313)
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2025-04-07 15:15
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0313", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:15:37.291767Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:15:48.792Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" } ], "source": { "advisory": "bc27e84b-1f91-4e1b-a78c-944edeba8256", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0313", "datePublished": "2023-01-15T00:00:00.000Z", "dateReserved": "2023-01-15T00:00:00.000Z", "dateUpdated": "2025-04-07T15:15:48.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1757 (GCVE-0-2023-1757)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:43
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1757", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:43:09.115673Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:43:15.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" } ], "source": { "advisory": "584a200a-6ff8-4d53-a3c0-e7893edff60c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1757", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-10T20:43:15.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5317 (GCVE-0-2023-5317)
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:17
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5317", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:17:14.408970Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:17:37.655Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:17.363Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" } ], "source": { "advisory": "5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5317", "datePublished": "2023-09-30T00:00:17.363Z", "dateReserved": "2023-09-30T00:00:06.550Z", "dateUpdated": "2024-09-23T16:17:37.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-14618 (GCVE-0-2017-14618)
Vulnerability from cvelistv5
Published
2017-09-20 21:00
Modified
2024-08-05 19:34
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:39.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "42761", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42761/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-20T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "42761", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42761/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14618", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "42761", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42761/" }, { "name": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "name": "http://www.phpmyfaq.de/security/advisory-2017-10-19", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14618", "datePublished": "2017-09-20T21:00:00", "dateReserved": "2017-09-20T00:00:00", "dateUpdated": "2024-08-05T19:34:39.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3046 (GCVE-0-2005-3046)
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
References
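URL | Tags
---|---
http://rgod.altervista.org/phpmyfuck151.html | x_refsource_MISC
http://marc.info/?l=bugtraq&m=112749230124091&w=2 | mailing-list, x_refsource_BUGTRAQ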
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain 
administrator privileges via the user field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3046", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-16650 (GCVE-0-2018-16650)
Vulnerability from cvelistv5
Published
2018-09-07 05:00
Modified
2024-08-05 10:32
CWE
- n/a
Summary
phpMyFAQ before 2.9.11 allows CSRF.
References
URL | Tags
---|---
https://www.phpmyfaq.de/security/advisory-2018-09-02 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:53.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.11 allows CSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-07T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.9.11 allows CSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.phpmyfaq.de/security/advisory-2018-09-02", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16650", "datePublished": "2018-09-07T05:00:00", "dateReserved": "2018-09-06T00:00:00", "dateUpdated": "2024-08-05T10:32:53.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2255 (GCVE-0-2004-2255)
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
CWE
- n/a
Summary
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
References
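URL | Tags
---|---
http://www.phpmyfaq.de/advisory_2004-05-18.php | x_refsource_CONFIRM
http://www.securityfocus.com/bid/10374 | vdb-entry, x_refsource_BID
http://securitytracker.com/id?1010190 | vdb-entry, x_refsource_SECTRACK
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html | mailing-list, x_refsource_FULLDISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/16177 | vdb-entry, x_refsource_XF
http://www.osvdb.org/6300 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/11640 | third-party-advisory, x_refsource_SECUNIA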
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "10374", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10374" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "phpmyfaq-file-include(16177)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "name": "6300", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6300" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11640" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "10374", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10374" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "phpmyfaq-file-include(16177)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "name": "6300", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6300" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11640" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/advisory_2004-05-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "10374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10374" }, { "name": "1010190", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "phpmyfaq-file-include(16177)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "name": "6300", "refsource": "OSVDB", "url": "http://www.osvdb.org/6300" }, { "name": "11640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11640" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2255", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2024-08-08T01:22:13.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-29196 (GCVE-0-2024-29196)
Vulnerability from cvelistv5
Published
2024-03-26 03:01
Modified
2024-08-05 16:29
Severity
3.8 LOW (CVSS 3.1, CNA-assigned): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
References
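URL | Tags
---|---
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72 | x_refsource_CONFIRM
https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62 | x_refsource_MISC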
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:10:54.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "3.2.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-29196", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T16:25:22.893037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-05T16:29:28.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "= 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-26T03:01:36.890Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" } ], "source": { "advisory": "GHSA-mmh6-5cpf-2c72", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Path Traversal in Attachments" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29196", "datePublished": "2024-03-26T03:01:36.890Z", "dateReserved": "2024-03-18T17:07:00.095Z", "dateUpdated": "2024-08-05T16:29:28.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2999 (GCVE-0-2023-2999)
Vulnerability from cvelistv5
Published
2023-05-31 00:00
Modified
2025-01-10 16:26
Severity
6.7 MEDIUM (CVSS 3.0, CNA-assigned): CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.14
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2999", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T16:25:48.996360Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-10T16:26:06.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-31T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" } ], "source": { "advisory": "4d89c7cc-fb4c-4b64-9b67-f0189f70a620", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2999", "datePublished": "2023-05-31T00:00:00", "dateReserved": "2023-05-31T00:00:00", "dateUpdated": "2025-01-10T16:26:06.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6047 (GCVE-0-2014-6047)
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
References
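URL | Tags
---|---
http://techdefencelabs.com/security-advisories.html | x_refsource_MISC
https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM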
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6047", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1756 (GCVE-0-2023-1756)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:43
Severity
4.7 MEDIUM (CVSS 3.1, CNA-assigned): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.007Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1756", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:43:35.013125Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:43:41.051Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:28:50.812Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" } ], "source": { "advisory": "e495b443-b328-42f5-aed5-d68b929b4cb9", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1756", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-10T20:43:41.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27300 (GCVE-0-2024-27300)
Vulnerability from cvelistv5
Published
2024-03-25 18:30
Modified
2024-08-02 00:28
Severity
5.5 MEDIUM (CVSS 3.1, CNA-assigned): CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
References
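URL | Tags
---|---
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx | x_refsource_CONFIRM
https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459 | x_refsource_MISC
https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209 | x_refsource_MISC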
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27300", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T19:29:59.933358Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:40:57.698Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:28:00.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. 
The `email` field in phpMyFAQ\u0027s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP\u0027s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user\u0027s phpMyFAQ session. This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:32:00.543Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" } ], "source": { "advisory": "GHSA-q7g6-xfh2-vhpx", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored XSS at user email" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27300", "datePublished": "2024-03-25T18:30:35.810Z", "dateReserved": "2024-02-22T18:08:38.875Z", "dateUpdated": "2024-08-02T00:28:00.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1880 (GCVE-0-2023-1880)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:50
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1880", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:50:31.123886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:50:34.904Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" } ], "source": { "advisory": "ece5f051-674e-4919-b998-594714910f9e", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1880", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:50:34.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27299 (GCVE-0-2024-27299)
Vulnerability from cvelistv5
Published
2024-03-25 18:26
Modified
2024-08-02 00:28
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field is the `authorEmail` field, which is checked with PHP's `FILTER_VALIDATE_EMAIL` filter. This filter only validates the address format; it is insufficient protection against SQL injection, so the value should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27299", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T19:29:00.738237Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:47:17.982Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:28:00.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "name": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. 
The vulnerable field lies in the `authorEmail` field which uses PHP\u0027s `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:26:14.879Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "name": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing", "tags": [ "x_refsource_MISC" ], "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" } ], "source": { "advisory": "GHSA-qgxx-4xv5-6hcw", "discovery": "UNKNOWN" }, "title": "phpMyFAQ SQL Injection at \"Save News\"" } }, "cveMetadata": 
{ "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27299", "datePublished": "2024-03-25T18:26:14.879Z", "dateReserved": "2024-02-22T18:08:38.875Z", "dateUpdated": "2024-08-02T00:28:00.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2257 (GCVE-0-2004-2257)
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2025-01-16 19:34
CWE
- n/a
Summary
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8240", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/8240" }, { "name": "1010795", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010795" }, { "name": "12085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12085" }, { "name": "phpmyfaq-authentication-bypass(16814)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "name": "10813", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10813" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2004-2257", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-30T16:36:54.394607Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-425", "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T19:34:58.763Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": 
"CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8240", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/8240" }, { "name": "1010795", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010795" }, { "name": "12085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12085" }, { "name": "phpmyfaq-authentication-bypass(16814)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "name": "10813", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10813" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8240", "refsource": "OSVDB", "url": "http://www.osvdb.org/8240" }, { "name": "1010795", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010795" }, { "name": "12085", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12085" }, { "name": "phpmyfaq-authentication-bypass(16814)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "name": "http://www.phpmyfaq.de/advisory_2004-07-27.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "name": "10813", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10813" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2257", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2025-01-16T19:34:58.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15729 (GCVE-0-2017-15729)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 21:57
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15729", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T21:57:13.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6890 (GCVE-0-2023-6890)
Vulnerability from cvelistv5
Published
2023-12-16 08:57
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.17 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.17", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-08T09:53:40.635Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" } ], "source": { "advisory": "2cf11678-8793-4fa1-b21a-f135564a105d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntr_ai", "cveId": "CVE-2023-6890", "datePublished": "2023-12-16T08:57:31.033Z", "dateReserved": "2023-12-16T08:57:21.686Z", "dateUpdated": "2024-08-02T08:42:08.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5865 (GCVE-0-2023-5865)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-17 13:35
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.2.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5865", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T14:18:18.925983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:35:48.990Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:40.896Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" } ], "source": { "advisory": "4c4b7395-d9fd-4ca0-98d7-2e20c1249aff", "discovery": "EXTERNAL" }, "title": "Insufficient Session Expiration in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5865", "datePublished": "2023-10-31T00:00:40.896Z", "dateReserved": "2023-10-31T00:00:36.972Z", "dateUpdated": "2024-09-17T13:35:48.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0880 (GCVE-0-2023-0880)
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2025-03-18 15:57
CWE
- CWE-115 - Misinterpretation of Input
Summary
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0880", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-18T15:56:55.411097Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-18T15:57:06.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMisinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-115", "description": "CWE-115 Misinterpretation of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:11:04.242Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" } ], "source": { "advisory": "14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c", "discovery": "EXTERNAL" }, "title": "Misinterpretation of Input in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0880", "datePublished": "2023-02-17T00:00:00.000Z", "dateReserved": "2023-02-17T00:00:00.000Z", "dateUpdated": "2025-03-18T15:57:06.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5866 (GCVE-0-2023-5866)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 19:57
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5866", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T19:56:51.380216Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T19:57:57.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-614", "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:42.138Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" } ], "source": { "advisory": "ec44bcba-ae7f-497a-851e-8165ecf56945", "discovery": "EXTERNAL" }, "title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5866", "datePublished": "2023-10-31T00:00:42.138Z", "dateReserved": "2023-10-31T00:00:37.064Z", "dateUpdated": "2024-09-05T19:57:57.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6889 (GCVE-0-2023-6889)
Vulnerability from cvelistv5
Published
2023-12-16 08:57
Modified
2024-08-02 08:42
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.17 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.17", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-08T09:52:27.861Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" } ], "source": { "advisory": "52897778-fad7-4169-bf04-a68a0646df0c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntr_ai", "cveId": "CVE-2023-6889", "datePublished": "2023-12-16T08:57:30.625Z", "dateReserved": "2023-12-16T08:57:12.016Z", "dateUpdated": "2024-08-02T08:42:08.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-29179 (GCVE-0-2024-29179)
Vulnerability from cvelistv5
Published
2024-03-25 20:27
Modified
2025-04-10 18:29
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment that contains JS code and has no file extension; the application will render it as HTML, which allows for XSS attacks.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29179", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T17:47:56.549461Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T18:29:53.455Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:10:54.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T20:27:55.083Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" } ], "source": { "advisory": "GHSA-hm8r-95g3-5hj9", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored Cross-site Scripting at File Attachments" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29179", "datePublished": "2024-03-25T20:27:55.083Z", "dateReserved": "2024-03-18T17:07:00.092Z", "dateUpdated": "2025-04-10T18:29:53.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5867 (GCVE-0-2023-5867)
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2025-02-27 20:38
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.2.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5867", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-27T20:32:16.168512Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-27T20:38:50.260Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:41.524Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" } ], "source": { "advisory": "5c09b32e-a041-4a1e-a277-eb3e80967df0", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5867", "datePublished": "2023-10-31T00:00:41.524Z", "dateReserved": "2023-10-31T00:00:37.828Z", "dateUpdated": "2025-02-27T20:38:50.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2752 (GCVE-0-2023-2752)
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2025-01-22 17:21
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.2.0-beta
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2752", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T17:21:16.492944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-22T17:21:20.965Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-beta", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" } ], "source": { "advisory": "efdf5b24-6d30-4d57-a5b0-13b253ba3ea4", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2752", "datePublished": "2023-05-17T00:00:00", "dateReserved": "2023-05-17T00:00:00", "dateUpdated": "2025-01-22T17:21:20.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22202 (GCVE-0-2024-22202)
Vulnerability from cvelistv5
Published
2024-02-05 19:39
Modified
2024-08-01 22:35
CWE
- CWE-284 - Improper Access Control
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details and, in turn, make a compelling phishing case for removing another user's account. Although the front-end of this page doesn't allow changing the form details, an attacker can use a proxy to intercept the request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account and an attacker issuing the request for an account they do not control. This issue has been patched in version 3.2.5.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22202", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-06T15:44:13.037619Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:32.765Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ\u0027s user removal page allows an attacker to spoof another user\u0027s detail, and in turn make a compelling phishing case for removing another user\u0027s account. The front-end of this page doesn\u0027t allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. 
An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T19:39:38.262Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" } ], "source": { "advisory": "GHSA-6648-6g96-mg35", "discovery": "UNKNOWN" }, "title": "User Removal Page Allows Spoofing Of User Details" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22202", "datePublished": "2024-02-05T19:39:38.262Z", "dateReserved": "2024-01-08T04:59:27.372Z", "dateUpdated": "2024-08-01T22:35:34.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6912 (GCVE-0-2006-6912)
Vulnerability from cvelistv5
Published
2007-01-09 18:00
Modified
2024-08-07 20:42
CWE
- n/a
Summary
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "name": "phpmyfaq-attachment-sql-injection(32802)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "name": "21944", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "name": "phpmyfaq-attachment-sql-injection(32802)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "name": "21944", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23651" }, { "name": "http://www.phpmyfaq.de/advisory_2006-12-15.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "name": "phpmyfaq-attachment-sql-injection(32802)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "name": "21944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6912", "datePublished": "2007-01-09T18:00:00", "dateReserved": "2007-01-09T00:00:00", "dateUpdated": "2024-08-07T20:42:07.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-14619 (GCVE-0-2017-14619)
Vulnerability from cvelistv5
Published
2017-09-20 21:00
Modified
2024-08-05 19:34
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:39.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "42987", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42987/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the \"Title of your FAQ\" field in the Configuration Module." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-20T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "42987", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42987/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14619", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the \"Title of your FAQ\" field in the Configuration Module." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "42987", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42987/" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86", "refsource": "MISC", "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "name": "http://www.phpmyfaq.de/security/advisory-2017-10-19", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "name": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14619", "datePublished": "2017-09-20T21:00:00", "dateReserved": "2017-09-20T00:00:00", "dateUpdated": "2024-08-05T19:34:39.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1758 (GCVE-0-2023-1758)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:42
CWE
- CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Summary
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:24.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1758", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:42:37.059518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:42:40.540Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-75", "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" } ], "source": { "advisory": "0854328e-eb00-41a3-9573-8da8f00e369c", "discovery": "EXTERNAL" }, "title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1758", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-10T20:42:40.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5227 (GCVE-0-2023-5227)
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:12
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5227", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:11:37.575536Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:12:25.814Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:15.175Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" } ], "source": { "advisory": "a335c013-db75-4120-872c-42059c7100e8", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5227", "datePublished": "2023-09-30T00:00:15.175Z", "dateReserved": "2023-09-27T13:07:57.342Z", "dateUpdated": "2024-09-23T16:12:25.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6049 (GCVE-0-2014-6049)
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6049", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3783 (GCVE-0-2011-3783)
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-16 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:03.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-24T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3783", "datePublished": "2011-09-24T00:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-16T20:46:39.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15727 (GCVE-0-2017-15727)
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43063", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43063/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "43063", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43063/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "43063", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43063/" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15727", "datePublished": "2017-10-21T22:00:00", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-08-05T20:04:49.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28106 (GCVE-0-2024-28106)
Vulnerability from cvelistv5
Published
2024-03-25 18:41
Modified
2024-08-02 00:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28106", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T00:06:05.995106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T00:07:06.693Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:41:58.260Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" } ], "source": { "advisory": "GHSA-6p68-36m6-392r", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored XSS at FAQ News Content" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28106", "datePublished": "2024-03-25T18:41:58.260Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-02T00:48:49.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3048 (GCVE-0-2005-3048)
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19672", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19672" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19672", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19672" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19672", "refsource": "OSVDB", "url": "http://www.osvdb.org/19672" }, { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3048", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1882 (GCVE-0-2023-1882)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1882", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:49:38.473966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:49:42.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" } ], "source": { "advisory": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1882", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:49:42.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1761 (GCVE-0-2023-1761)
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1761", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:44:14.963774Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:44:23.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:11:22.668Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" } ], "source": { "advisory": "24c0a65f-0751-4ff8-af63-4b325ac8879f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1761", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:44:23.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15808 (GCVE-0-2017-15808)
Vulnerability from cvelistv5
Published
2017-10-23 17:00
Modified
2025-04-16 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:50.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-16T14:45:54.676Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" }, { "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-15808.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15808", "datePublished": "2017-10-23T17:00:00.000Z", "dateReserved": "2017-10-23T00:00:00.000Z", "dateUpdated": "2025-04-16T14:45:54.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-2998 (GCVE-0-2023-2998)
Vulnerability from cvelistv5
Published
2023-05-31 00:00
Modified
2025-01-10 16:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.14
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2998", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T16:26:29.735477Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-10T16:26:40.740Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-31T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" } ], "source": { "advisory": "8282d78e-f399-4bf4-8403-f39103a31e78", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2998", "datePublished": "2023-05-31T00:00:00", "dateReserved": "2023-05-31T00:00:00", "dateUpdated": "2025-01-10T16:26:40.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2023-2429)
Published
2023-04-30 03:15
Modified
2025-01-30 17:15
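Severity: the record below carries two assessments that disagree. nvd@nist.gov (Primary, CVSS 3.1) scores it 9.8 CRITICAL with a network attack vector and no privileges required; security@huntr.dev (Secondary, CVSS 3.0) scores it 6.6 MEDIUM with a local attack vector and low privileges required. Confirm which conditions match your deployment before using either score for prioritisation.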
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2429", "lastModified": "2025-01-30T17:15:15.950", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-30T03:15:08.750", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2004-2255)
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." } ], "id": "CVE-2004-2255", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010190" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/6300" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10374" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1010190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/6300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-20 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en inc/PMF/Faq.php en phpMyFAQ hasta la versi\u00f3n 2.9.8 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Questions en una acci\u00f3n \"Add New FAQ\"." } ], "id": "CVE-2017-14618", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-20T21:29:00.317", "references": [ { 
"source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "cve@mitre.org", "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42761/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42761/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-17 08:15
Modified
2024-11-21 07:59
Severity ?
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "972DB9E1-96EB-4DEC-8A58-14DDF7B8A7E2", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "71D0A0BD-EC7D-47C7-8C0F-716EE0843E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." } ], "id": "CVE-2023-2753", "lastModified": "2024-11-21T07:59:13.583", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-17T08:15:08.837", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" }, { "source": "security@huntr.dev", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0793", "lastModified": "2024-11-21T07:37:50.823", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.803", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-31 01:15
Modified
2024-11-21 07:59
Severity ?
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "B486032C-0BF4-4D1C-ABDB-56607585ADC3", "versionEndExcluding": "3.1.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." } ], "id": "CVE-2023-2999", "lastModified": "2024-11-21T07:59:43.583", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-31T01:15:43.163", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-05 20:15
Modified
2024-11-21 08:55
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. Although the front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account and the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ\u0027s user removal page allows an attacker to spoof another user\u0027s detail, and in turn make a compelling phishing case for removing another user\u0027s account. The front-end of this page doesn\u0027t allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La p\u00e1gina de eliminaci\u00f3n de usuarios de phpMyFAQ permite a un atacante falsificar los detalles de otro usuario y, a su vez, presentar un caso de phishing convincente para eliminar la cuenta de otro usuario. La interfaz de esta p\u00e1gina no permite cambiar los detalles del formulario; un atacante puede utilizar un proxy para interceptar esta solicitud y enviar otros datos. Al enviar este formulario, se env\u00eda un correo electr\u00f3nico al administrador inform\u00e1ndole que este usuario desea eliminar su cuenta. Un administrador no tiene forma de distinguir entre el usuario real que desea eliminar su cuenta o el atacante que lo hace para una cuenta que no controla. 
Este problema se solucion\u00f3 en la versi\u00f3n 3.2.5." } ], "id": "CVE-2024-22202", "lastModified": "2024-11-21T08:55:47.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-05T20:15:55.390", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-284" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-12-13 14:15
Modified
2025-08-14 18:56
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "17583C51-6485-4F89-BCE0-538A0F2793B0", "versionEndExcluding": "3.2.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim\u0027s machine upon page visit by embedding it in an \u003ciframe\u003e element without user interaction or explicit consent. Version 3.2.10 fixes the issue." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de c\u00f3digo abierto para preguntas frecuentes. Antes de la versi\u00f3n 3.2.10, exist\u00eda una vulnerabilidad en el componente de registro de preguntas frecuentes por la que un atacante con privilegios pod\u00eda activar la descarga de un archivo en la m\u00e1quina de la v\u00edctima al visitar una p\u00e1gina incrust\u00e1ndolo en un elemento sin interacci\u00f3n del usuario ni consentimiento expl\u00edcito. La versi\u00f3n 3.2.10 soluciona el problema." 
} ], "id": "CVE-2024-55889", "lastModified": "2025-08-14T18:56:50.060", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-12-13T14:15:22.653", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-451" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
Severity ?
Summary
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1762", "lastModified": "2024-11-21T07:39:51.510", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.750", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-22 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6861E0-F1B8-41A6-AECD-D039A346F4C5", "versionEndIncluding": "2.6.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E89609EA-C5DA-45CA-A002-0D4AFCA45648", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "328283AF-1875-4D9B-93CC-059198D80316", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "01569544-72C2-4C82-B173-77C235BEE02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB7B4362-27D5-494C-8AD1-48ECD16CF1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." 
}, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en phpMyFAQ antes de v2.6.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del PATH_INFO a index.php.\r\n" } ], "id": "CVE-2010-4821", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-10-22T23:55:04.273", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41625" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/68268" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/68268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field." } ], "id": "CVE-2005-3046", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
Severity ?
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to version 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1760", "lastModified": "2024-11-21T07:39:50.687", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.643", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:14
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La funci\u00f3n de carga de im\u00e1genes de categor\u00eda en phpmyfaq es vulnerable a la manipulaci\u00f3n de los par\u00e1metros `Content-type` y `lang`, lo que permite a los atacantes cargar archivos maliciosos con una extensi\u00f3n .php, lo que potencialmente conduce a la ejecuci\u00f3n remota de c\u00f3digo (RCE) en el sistema. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-28105", "lastModified": "2025-01-09T17:14:59.820", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.020", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security-advisories@github.com", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 01:15
Modified
2024-11-21 08:34
Severity ?
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to version 3.1.16.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9F1132-3D27-4D51-AF94-75A8C3DDE21F", "versionEndExcluding": "3.1.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16." } ], "id": "CVE-2023-4007", "lastModified": "2024-11-21T08:34:12.960", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T01:15:10.017", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos omitan el mecanismo de protecci\u00f3n CAPTCHA reproduciendo la petici\u00f3n." } ], "id": "CVE-2014-6050", "lastModified": "2024-11-21T02:13:41.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter. This also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." } ], "id": "CVE-2005-3048", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19672" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-14 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3B2AC55-8F04-44F9-922D-687FAEFC03DF", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E89609EA-C5DA-45CA-A002-0D4AFCA45648", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "328283AF-1875-4D9B-93CC-059198D80316", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "01569544-72C2-4C82-B173-77C235BEE02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB7B4362-27D5-494C-8AD1-48ECD16CF1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DC00325-D9B4-4219-A63F-04EEB7DA6F6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "714DA52A-6AE0-41A7-9250-08BE3B336C71", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "17526059-D468-4AE3-A24E-8B4FDD26915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "21162859-A1AB-4477-BA1B-4A2C2DB4705D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "06AC9151-E197-479F-B1BA-CAEEFC488EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "21ABBD7C-7FC6-48A1-88CE-282156EB5B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "092575EA-2318-4FDD-9EE0-D5AFC5A14854", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "F971EC18-895D-469E-9D69-94D13017B62C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9650943E-4BB2-4A0D-B3D5-07B99566A705", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3055F07-0E27-464D-AE66-E6E1817A49E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C85D157-3F89-4E09-B45A-5624D5E9ECC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "19AD9DE9-2A90-46FA-BDCB-A467C60AC25F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B60C31AA-F51C-4704-AC0B-54C2827654F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E14E876D-345D-4459-BF53-4B97DCFDBA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "651AED63-79B2-48DF-A9DF-70173E87BCA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "216752FD-4126-4F9A-A7B2-23FCFB47508E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "4D839BD2-DEFB-44E4-84F1-531C750090E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "9908E785-6C57-45C1-B8DE-AF8B1BE875E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6019B-EAF7-4E6B-A97B-F27FCF10FBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "30F37277-2D8A-4B92-956F-78B39F876225", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B304F221-C6E1-4995-A6B5-C4CB4F41D69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0582DAA4-9F0C-4FF6-894E-F98D3E07D771", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F3E7701-8373-4625-A401-3B655C9DCC3E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2014-0814", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-14T16:55:13.857", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/102940" }, { "source": "vultures@jpcert.or.jp", "url": "http://secunia.com/advisories/56006" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/65368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65368" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante metaDescription o metaKeywords." } ], "id": "CVE-2017-15728", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.340", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1884", "lastModified": "2024-11-21T07:40:04.987", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.323", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" }, { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\\phpmyfaq\\admin\\attachments.php conduce a la ejecuci\u00f3n permitida de c\u00f3digo JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.2.5." 
} ], "id": "CVE-2024-24574", "lastModified": "2024-11-21T08:59:27.143", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-05T21:15:12.340", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-80" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:27
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and, in some cases, even achieve RCE. The vulnerable field is the `authorEmail` field, which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient to protect against SQL injection attacks, and the value should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP\u0027s `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Se ha descubierto una vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad \"Agregar noticias\" debido a un escape incorrecto de la direcci\u00f3n de correo electr\u00f3nico. Esto permite que cualquier usuario autenticado con derechos para agregar/editar noticias de preguntas frecuentes aproveche esta vulnerabilidad para filtrar datos, hacerse cargo de cuentas y, en algunos casos, incluso lograr RCE. El campo vulnerable se encuentra en el campo `authorEmail` que utiliza el filtro `FILTER_VALIDATE_EMAIL` de PHP. Este filtro es insuficiente para proteger contra ataques de inyecci\u00f3n SQL y aun as\u00ed se debe escapar correctamente. 
Sin embargo, en esta versi\u00f3n de phpMyFAQ (3.2.5), este campo no tiene el formato de escape adecuado y puede usarse junto con otros campos para explotar completamente la vulnerabilidad de inyecci\u00f3n SQL. Esta vulnerabilidad se soluciona en 3.2.6." } ], "id": "CVE-2024-27299", "lastModified": "2025-01-09T17:27:11.167", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:57.563", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit" ], "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0313", "lastModified": "2024-11-21T07:36:57.170", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.970", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0309", "lastModified": "2024-11-21T07:36:56.703", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.657", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-22 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpmyfaq | phpmyfaq | 1.5 | |
phpmyfaq | phpmyfaq | 1.5.1 | |
phpmyfaq | phpmyfaq | 1.5.3 | |
phpmyfaq | phpmyfaq | 1.5_alpha1 | |
phpmyfaq | phpmyfaq | 1.5_alpha2 | |
phpmyfaq | phpmyfaq | 1.5_beta1 | |
phpmyfaq | phpmyfaq | 1.5_beta2 | |
phpmyfaq | phpmyfaq | 1.5_beta3 | |
phpmyfaq | phpmyfaq | 1.5_rc1 | |
phpmyfaq | phpmyfaq | 1.5_rc2 | |
phpmyfaq | phpmyfaq | 1.5_rc3 | |
phpmyfaq | phpmyfaq | 1.5_rc4 | |
phpmyfaq | phpmyfaq | 1.5_rc5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "34D1FA39-9778-488F-9582-E37060F3F92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "A62052CA-95C7-43C9-B65B-C2E01EB0EBD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89938096-681A-4D77-8BA2-3F4D0A2424E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "8215A5E3-4780-4E45-8B52-F8D00A71D7D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "6B7087AF-0DBF-4287-9B58-EA0C3F9F9134", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "91D419C7-F683-41F5-B8A0-2354F9DDBE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "1B58BDAA-4C56-44F8-99E7-FF55283884A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "E5350F01-DCAE-46D3-82B1-E5A297AA43BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "7A2D8CF4-87AF-47C0-AB37-88F50324AC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "E3F0D935-5A88-457B-959E-4BBC655D3F7C", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina \"add content\" de phpMyFAQ 1.5.3 y anteriores permite a atacantes remotos inyectar \u0027script\u0027 web arbitrario mediante los par\u00e1metros (1) thema, (2) username, y (3) usermail." } ], "id": "CVE-2005-3734", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-22T00:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17649" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/196" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20989" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15504" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2505" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-17 03:15
Modified
2024-11-21 07:38
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" }, { "lang": "es", "value": "Mala interpretaci\u00f3n de la entrada en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.11." } ], "id": "CVE-2023-0880", "lastModified": "2024-11-21T07:38:01.653", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-17T03:15:09.950", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-115" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-11 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAB360A-D5DD-4DCA-A0C4-B171302FB531", "versionEndExcluding": "3.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9." }, { "lang": "es", "value": "Cross-Site Scripting (XSS) Almacenados en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.9." } ], "id": "CVE-2022-4408", "lastModified": "2024-11-21T07:35:12.797", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-11T15:15:10.733", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 01:15
Modified
2024-11-21 07:39
Severity ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1755", "lastModified": "2024-11-21T07:39:50.150", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T01:15:09.330", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2025-03-21 19:15
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0794", "lastModified": "2025-03-21T19:15:41.173", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.890", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F6B11D-C89E-4C4F-A2CA-9CB3F83C8AD3", "versionEndExcluding": "3.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.2.1." } ], "id": "CVE-2023-5864", "lastModified": "2024-11-21T08:42:39.647", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.7, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.817", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos lean archivos adjuntos arbitrarios mediante una petici\u00f3n directa." } ], "id": "CVE-2014-6048", "lastModified": "2024-11-21T02:13:41.307", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.140", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-22 18:15
Modified
2024-11-21 07:40
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1875", "lastModified": "2024-11-21T07:40:04.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-22T18:15:07.207", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Autenticaci\u00f3n incorrecta en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.10." } ], "id": "CVE-2023-0311", "lastModified": "2024-11-21T07:36:56.937", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.810", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS): DOM en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.18." } ], "id": "CVE-2023-5316", "lastModified": "2024-11-21T08:41:30.877", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.150", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0792", "lastModified": "2024-11-21T07:37:50.710", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.720", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-12 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.phpmyfaq.de/security/advisory-2017-07-12 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/security/advisory-2017-07-12 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "42BCD029-3707-48A6-B302-DEAF66F927F1", "versionEndIncluding": "2.9.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." }, { "lang": "es", "value": "phpMyFAQ anterior a versi\u00f3n 2.9.8, no mitiga apropiadamente los ataques de fuerza bruta que intentan muchas contrase\u00f1as durante inicios de sesi\u00f3n intentados r\u00e1pidamente." } ], "id": "CVE-2017-11187", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-12T14:29:00.223", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1887", "lastModified": "2024-11-21T07:40:05.310", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.473", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-840" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files." }, { "lang": "es", "value": "phpMyFAQ v2.6.13 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como lo demuestra el producto lang/language_uk.php y algunos otros archivos." } ], "id": "CVE-2011-3783", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-24T00:55:02.550", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-29 13:15
Modified
2024-11-21 07:20
Severity ?
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Requisitos de Contrase\u00f1as D\u00e9biles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n" } ], "id": "CVE-2022-3754", "lastModified": "2024-11-21T07:20:10.990", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-29T13:15:09.477", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 01:15
Modified
2024-11-21 07:39
Severity ?
Summary
Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1754", "lastModified": "2024-11-21T07:39:50.043", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T01:15:09.247", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:00
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn\u0027t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Debido a una validaci\u00f3n insuficiente del par\u00e1metro \"contentLink\", es posible que usuarios no autenticados inyecten c\u00f3digo HTML en la p\u00e1gina, lo que podr\u00eda afectar a otros usuarios. _Adem\u00e1s, requiere que se permita agregar nuevas preguntas frecuentes a los invitados y que el administrador no verifique el contenido de las preguntas frecuentes reci\u00e9n agregadas._ Esta vulnerabilidad se corrigi\u00f3 en 3.2.6." 
} ], "id": "CVE-2024-28108", "lastModified": "2025-01-09T17:00:12.770", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.700", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-80" } ], 
"source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
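Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (security@huntr.dev, Secondary)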
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq, in versions prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0310", "lastModified": "2024-11-21T07:36:56.820", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.730", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
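Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
3.5 (Low) - AV:N/AC:M/Au:S/C:N/I:P/A:N (CVSS v2.0, nvd@nist.gov, Primary)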
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/43063/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43063/ | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante un adjunto HTML." } ], "id": "CVE-2017-15727", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", 
"VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43063/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43063/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-14 16:55
Modified
2025-04-11 00:51
Severity ?
6.8 (Medium) - AV:N/AC:M/Au:N/C:P/I:P/A:P (CVSS v2.0, nvd@nist.gov, Primary)
Summary
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3B2AC55-8F04-44F9-922D-687FAEFC03DF", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E89609EA-C5DA-45CA-A002-0D4AFCA45648", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "328283AF-1875-4D9B-93CC-059198D80316", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "01569544-72C2-4C82-B173-77C235BEE02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB7B4362-27D5-494C-8AD1-48ECD16CF1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DC00325-D9B4-4219-A63F-04EEB7DA6F6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "714DA52A-6AE0-41A7-9250-08BE3B336C71", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "17526059-D468-4AE3-A24E-8B4FDD26915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "21162859-A1AB-4477-BA1B-4A2C2DB4705D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "06AC9151-E197-479F-B1BA-CAEEFC488EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "21ABBD7C-7FC6-48A1-88CE-282156EB5B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "092575EA-2318-4FDD-9EE0-D5AFC5A14854", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "F971EC18-895D-469E-9D69-94D13017B62C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9650943E-4BB2-4A0D-B3D5-07B99566A705", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3055F07-0E27-464D-AE66-E6E1817A49E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C85D157-3F89-4E09-B45A-5624D5E9ECC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "19AD9DE9-2A90-46FA-BDCB-A467C60AC25F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B60C31AA-F51C-4704-AC0B-54C2827654F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E14E876D-345D-4459-BF53-4B97DCFDBA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "651AED63-79B2-48DF-A9DF-70173E87BCA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "216752FD-4126-4F9A-A7B2-23FCFB47508E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "4D839BD2-DEFB-44E4-84F1-531C750090E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "9908E785-6C57-45C1-B8DE-AF8B1BE875E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6019B-EAF7-4E6B-A97B-F27FCF10FBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "30F37277-2D8A-4B92-956F-78B39F876225", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B304F221-C6E1-4995-A6B5-C4CB4F41D69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0582DAA4-9F0C-4FF6-894E-F98D3E07D771", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F3E7701-8373-4625-A401-3B655C9DCC3E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." 
}, { "lang": "es", "value": "Vulnerabilidad de CSRF en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que modifiquen configuraciones." } ], "id": "CVE-2014-0813", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-14T16:55:13.843", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/102939" }, { "source": "vultures@jpcert.or.jp", "url": "http://secunia.com/advisories/56006" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/65368" }, { "source": "vultures@jpcert.or.jp", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/56006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2025-03-21 19:15
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq, in versions prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0791", "lastModified": "2025-03-21T19:15:40.947", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.637", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en phpMyFAQ en versiones anteriores a la 2.8.13 permiten que atacantes remotos secuestren la autenticaci\u00f3n de usuarios no especificados para peticiones que (1) eliminan usuarios activos aprovechando la validaci\u00f3n incorrecta de tokens CSRF o que (2) eliminan preguntas abiertas, (3) activan usuarios, (4) publican FAQ, (5) a\u00f1aden o eliminan glosarios, (6) a\u00f1aden o eliminan noticias de FAQ, o (7) a\u00f1aden o eliminan comentarios o a\u00f1aden votos aprovechando la falta de un token CSRF." 
} ], "id": "CVE-2014-6046", "lastModified": "2024-11-21T02:13:40.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:00.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2." } ], "id": "CVE-2023-5867", "lastModified": "2024-11-21T08:42:40.040", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:08.020", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Requisitos de contrase\u00f1a d\u00e9biles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.10." } ], "id": "CVE-2023-0307", "lastModified": "2024-11-21T07:36:56.470", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.493", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "cross site scripting (XSS): reflejadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0314", "lastModified": "2024-11-21T07:36:57.300", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:11.043", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-31 01:15
Modified
2024-11-21 07:59
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "B486032C-0BF4-4D1C-ABDB-56607585ADC3", "versionEndExcluding": "3.1.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." } ], "id": "CVE-2023-2998", "lastModified": "2024-11-21T07:59:43.453", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-31T01:15:43.103", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-20 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the \"Title of your FAQ\" field in the Configuration Module." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en phpMyFAQ hasta la versi\u00f3n 2.9.8 permite que atacantes remotos inyecten scripts web o HTML mediante el campo \"Title of your FAQ\" en el m\u00f3dulo de configuraci\u00f3n." } ], "id": "CVE-2017-14619", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-20T21:29:00.350", "references": [ { "source": 
"cve@mitre.org", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "source": "cve@mitre.org", "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/42987/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42987/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-30 01:15
Modified
2024-11-21 08:17
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A23CE37-3356-4EBD-AB7D-060CF611CF6C", "versionEndIncluding": "3.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "71D0A0BD-EC7D-47C7-8C0F-716EE0843E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "AA3CB4E9-252B-4326-BE77-679284864A4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2." } ], "id": "CVE-2023-3469", "lastModified": "2024-11-21T08:17:20.070", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-30T01:15:08.880", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" 
}, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al a\u00f1adir un glosario." } ], "id": "CVE-2017-15729", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." } ], "id": "CVE-2004-2257", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12085" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1010795" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": 
"http://www.osvdb.org/8240" }, { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/10813" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1010795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://www.osvdb.org/8240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/10813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-425" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-425" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-26 03:15
Modified
2025-01-09 16:58
Severity ?
3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Existe una vulnerabilidad de Path Traversal en los archivos adjuntos que permite a los atacantes con derechos de administrador cargar archivos maliciosos en otras ubicaciones de la ra\u00edz web. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-29196", "lastModified": "2025-01-09T16:58:38.057", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-26T03:15:13.517", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security-advisories@github.com", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2025-04-11 00:51
Severity ?
7.5 (High) - CVSS 2.0 AV:N/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov)
Summary
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A288447-ABFD-4DF0-A958-439142DD7890", "versionEndIncluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C44AC58F-94E3-4301-944E-E91C8E475CAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "2E61F309-FB2A-47BC-B43E-BE8DA726955C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "383D3577-4F74-4842-8ADD-A6B9BEB410E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "397A3DA9-99D3-41A0-8605-FFE1360147B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "2B27F427-D46B-4B81-ADE7-81DAC498B450", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "3870AF03-C6E5-4F49-A502-2091A5017519", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "BBB959F7-7F97-4ECE-8FF1-843E73222935", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "70400ECC-7102-4984-8804-2F0A18A07617", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "691C193F-C1E5-44C0-953A-C6D6DE4C4FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "CAFDC1AD-A611-40DA-85EA-517BE8187F29", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.24:*:*:*:*:*:*:*", 
"matchCriteriaId": "8793289D-65A5-4DC0-8AD7-132042F293B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DE10AD9-E5BD-4A25-92D2-4369EF15BD41", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "FDBDAC0F-BABF-48F2-B6CE-E3FCC740A45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "9013E5FA-CFD9-430D-BDA7-2C19263C95F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AAC0C8B9-243E-4958-8558-AB49BBDCE551", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DA18AF75-D2E6-4020-9F02-39AE96166129", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "64671966-303B-4B58-A5B9-7676AB132E17", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "659FCBE0-F0ED-443F-853E-6A14F70895FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "894CE3C2-3E2D-45CA-92F0-643A8A8CC8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DC00325-D9B4-4219-A63F-04EEB7DA6F6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "714DA52A-6AE0-41A7-9250-08BE3B336C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "17526059-D468-4AE3-A24E-8B4FDD26915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "21162859-A1AB-4477-BA1B-4A2C2DB4705D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "06AC9151-E197-479F-B1BA-CAEEFC488EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "21ABBD7C-7FC6-48A1-88CE-282156EB5B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": 
"092575EA-2318-4FDD-9EE0-D5AFC5A14854", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "F971EC18-895D-469E-9D69-94D13017B62C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9650943E-4BB2-4A0D-B3D5-07B99566A705", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinymce:tinymce:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9B9DC89-26A9-42B3-A037-26A5B3E3441B", "versionEndIncluding": "1.4.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en inc/function.base.php de Ajax File y Image Manager en versiones anteriores a 1.1, tal como se usa en tinymce en versiones anteriores a 1.4.2, phpMyFAQ 2.6 anteriores a 2.6.19 y 2.7 anteriores a 2.7.1, y posiblemente otros productos, permite a atacantes remotos inyectar c\u00f3digo arbitrario PHP en data.php a trav\u00e9s de par\u00e1metros modificados." 
} ], "id": "CVE-2011-4825", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-15T03:57:34.667", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/18075" }, { "source": "cve@mitre.org", "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/50523" }, { "source": "cve@mitre.org", "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/18075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/50523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zenphoto.org/trac/ticket/2005" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-23 17:29
Modified
2025-04-20 01:37
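Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov)
4.3 (Medium) - CVSS 2.0 AV:N/AC:M/Au:N/C:N/I:P/A:N (nvd@nist.gov)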
Summary
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." }, { "lang": "es", "value": "En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Scripting (XSS) en admin/tags.main.php mediante una etiqueta manipulada." } ], "id": "CVE-2017-15809", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-23T17:29:00.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
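Severity ?
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (security@huntr.dev)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov)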
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0306", "lastModified": "2024-11-21T07:36:56.360", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.400", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
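Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (nvd@nist.gov)
6.8 (Medium) - CVSS 2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P (nvd@nist.gov)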
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/news.php." } ], "id": "CVE-2017-15732", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.497", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third 
Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
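Severity ?
8.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L (security@huntr.dev)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov)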
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1878", "lastModified": "2024-11-21T07:40:04.307", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.037", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 21:15
Modified
2025-01-09 16:59
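Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L (security-advisories@github.com)
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov)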
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 | Exploit, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Un atacante con privilegios de administrador puede cargar un archivo adjunto que contenga c\u00f3digo JS sin extensi\u00f3n y la aplicaci\u00f3n lo representar\u00e1 como HTML, lo que permite ataques XSS." } ], "id": "CVE-2024-29179", "lastModified": "2025-01-09T16:59:41.167", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2024-03-25T21:15:47.050", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-07 05:29
Modified
2024-11-21 03:53
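Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov)
9.0 (High) - CVSS 2.0 AV:N/AC:L/Au:S/C:C/I:C/A:C (nvd@nist.gov)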
Summary
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA187D80-7802-4512-809B-E2111C631231", "versionEndExcluding": "2.9.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." }, { "lang": "es", "value": "El backend de administrador en phpMyFAQ en versiones anteriores a la 2.9.11 permite la inyecci\u00f3n CSV en los informes." } ], "id": "CVE-2018-16651", "lastModified": "2024-11-21T03:53:08.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-07T05:29:00.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-31 11:15
Modified
2024-11-21 07:20
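Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (security@huntr.dev)
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov)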
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Cross-Site Scripting (XSS):- Reflejadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n" } ], "id": "CVE-2022-3766", "lastModified": "2024-11-21T07:20:12.303", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-31T11:15:10.247", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1761", "lastModified": "2024-11-21T07:39:50.793", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.703", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-21 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1394509F-1694-4C1D-8D12-E75E72DFD733", "versionEndIncluding": "1.6.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "5B26F173-5AB9-482C-8B3F-6424359E7062", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "A4D99DCE-969E-4E2C-8557-DF19F43F7388", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "C1833515-70CA-4B10-A947-5F8E544DA110", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "39A1B3D0-67F3-4F88-9952-D70CD86387B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "matchCriteriaId": "5E802239-AE7E-4C17-A98C-8E685E77B5B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "9E54ADFE-3386-41BC-B08B-DAE967327B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "70079FB1-278D-49A2-8211-E68B7F5F626D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "20020044-2E57-4789-AB98-1B113D523BB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "5D5BB764-1B6F-433F-90A4-8103610E8F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DA60DB45-5CFB-4EB2-ACD7-784B1905F259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "matchCriteriaId": "DBA9BBDE-97D0-4B30-AEBB-69A302630542", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9pl1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC2D031-6C8C-49A2-AF52-7C5FE83989B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to \"gain the privilege for uploading files on the server.\"" }, { "lang": "es", "value": "Una vulnerabilidad no especificada en phpMyFAQ versi\u00f3n 1.6.9 y anteriores, cuando 
register_globals est\u00e1 habilitado, permite a atacantes remotos \"gain the privilege for uploading files on the server.\"" } ], "evaluatorImpact": "Successful exploitation requires that \"register_globals\" is enabled.", "id": "CVE-2007-1032", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-21T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/32603" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24230" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2025-03-21 19:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0789", "lastModified": "2025-03-21T19:15:40.783", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.467", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1886", "lastModified": "2024-11-21T07:40:05.203", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.420", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-294" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php." } ], "id": "CVE-2005-3047", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1880", "lastModified": "2024-11-21T07:40:04.523", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.133", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al modificar un glosario." } ], "id": "CVE-2017-15735", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.590", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file." } ], "id": "CVE-2005-3049", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16933" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014968" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19670" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14930" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0790", "lastModified": "2024-11-21T07:37:50.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.547", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-248" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos lean archivos adjuntos arbitrarios aprovechando comprobaciones incorrectas del permiso \"download an attachment\"." } ], "id": "CVE-2014-6047", "lastModified": "2024-11-21T02:13:41.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.017", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-21 14:30
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/37520 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37180 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37520 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37180 | Exploit |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "E628711E-2704-4EBF-A337-6D4E6E6E37BD", "versionEndIncluding": "2.5.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "5B26F173-5AB9-482C-8B3F-6424359E7062", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "A4D99DCE-969E-4E2C-8557-DF19F43F7388", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "C1833515-70CA-4B10-A947-5F8E544DA110", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "39A1B3D0-67F3-4F88-9952-D70CD86387B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "matchCriteriaId": "5E802239-AE7E-4C17-A98C-8E685E77B5B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "9E54ADFE-3386-41BC-B08B-DAE967327B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "70079FB1-278D-49A2-8211-E68B7F5F626D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "20020044-2E57-4789-AB98-1B113D523BB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "5D5BB764-1B6F-433F-90A4-8103610E8F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DA60DB45-5CFB-4EB2-ACD7-784B1905F259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "matchCriteriaId": "DBA9BBDE-97D0-4B30-AEBB-69A302630542", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "E47EB76A-2314-4978-A146-C6C73CF018C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search 
parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Varias vulnerabilidades de tipo Cross-Site Scripting (XSS) en el archivo index.php en phpMyFAQ anterior a la versi\u00f3n 2.5.5, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de (1) el par\u00e1metro lang en una acci\u00f3n del sitemap, (2) el par\u00e1metro search en una acci\u00f3n search, (3) el par\u00e1metro tagging_id en una acci\u00f3n search, (4) el par\u00e1metro highlight en una acci\u00f3n artikel, (5) el par\u00e1metro artlang en una acci\u00f3n artikel, (6) el par\u00e1metro letter en una acci\u00f3n sitemap, (7) el par\u00e1metro lang en una acci\u00f3n show, (8) el par\u00e1metro cat en una acci\u00f3n show, (9) el par\u00e1metro newslang en una acci\u00f3n news, (10) el par\u00e1metro artlang en una acci\u00f3n send2friend, (11) el par\u00e1metro cat en una acci\u00f3n send2friend , (12) el par\u00e1metro id en una acci\u00f3n send2friend, (13) el par\u00e1metro srclang en una acci\u00f3n traslate, (14) el par\u00e1metro id en una acci\u00f3n traslate, (15) el par\u00e1metro cat en una acci\u00f3n traslate, (16) el par\u00e1metro cat en una acci\u00f3n add, o (17) 
el par\u00e1metro question en una acci\u00f3n add. NOTA: se desconoce la procedencia de esta informaci\u00f3n; Los detalles son obtenidos \u00fanicamente a partir de informaci\u00f3n de terceros." } ], "id": "CVE-2009-4780", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-04-21T14:30:00.723", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37520" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37180" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS)- almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.18." } ], "id": "CVE-2023-5317", "lastModified": "2024-11-21T08:41:30.997", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.227", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-19 13:15
Modified
2024-11-21 07:19
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "548E0B23-D73A-44A2-AE94-9C84CE0A55EE", "versionEndIncluding": "3.1.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub thorsten/phpmyfaq versiones anteriores a 3.2.0-alpha" } ], "id": "CVE-2022-3608", "lastModified": "2024-11-21T07:19:52.403", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-19T13:15:08.910", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2." }, { "lang": "es", "value": "Cross-site Scripting (XSS): reflejado en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2." } ], "id": "CVE-2023-5863", "lastModified": "2024-11-21T08:42:39.503", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.757", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 16:15
Modified
2024-11-21 07:39
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1757", "lastModified": "2024-11-21T07:39:50.357", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T16:15:07.317", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d | Patch, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/43064/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43064/ | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.ratings.php." } ], "id": "CVE-2017-15730", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party 
Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43064/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43064/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con privilegios de administrador omitan la autorizaci\u00f3n mediante un par\u00e1metro ID de instancia manipulado." } ], "id": "CVE-2014-6049", "lastModified": "2024-11-21T02:13:41.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 16:15
Modified
2024-11-21 07:39
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1756", "lastModified": "2024-11-21T07:39:50.247", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T16:15:07.273", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-02 18:15
Modified
2025-08-14 17:54
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
Summary
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp | Exploit, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DCB12FE-8E0E-41DC-9F71-7ABAC5258521", "versionEndExcluding": "4.0.2", "versionStartIncluding": "3.2.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page\u0027s user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de c\u00f3digo abierto para preguntas frecuentes. A partir de la versi\u00f3n 3.2.10 y antes de la versi\u00f3n 4.0.2, un atacante puede inyectar contenido HTML malicioso en el editor de preguntas frecuentes en `http[:]//localhost/admin/index[.]php?action=editentry`, lo que provoca una interrupci\u00f3n total de la interfaz de usuario de la p\u00e1gina de preguntas frecuentes. Al inyectar elementos HTML mal formados con un estilo que cubra toda la pantalla, un atacante puede dejar la p\u00e1gina inutilizable. Esta inyecci\u00f3n manipula la estructura de la p\u00e1gina mediante la introducci\u00f3n de botones, im\u00e1genes e iframes superpuestos, lo que rompe el dise\u00f1o y la funcionalidad previstos. 
La explotaci\u00f3n de este problema puede provocar una denegaci\u00f3n de servicio para usuarios leg\u00edtimos, da\u00f1os a la experiencia del usuario y un posible abuso en ataques de phishing o desfiguraci\u00f3n. La versi\u00f3n 4.0.2 contiene un parche para la vulnerabilidad." } ], "id": "CVE-2024-56199", "lastModified": "2025-08-14T17:54:26.950", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-01-02T18:15:20.427", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-80" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/14516 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.phpmyfaq.de/advisory_2005-03-06.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14516 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/advisory_2005-03-06.php | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B69808-C3F4-401E-996D-88091203698E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "39CA9672-6651-4654-89AB-AF45A3EB2492", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "E47EB76A-2314-4978-A146-C6C73CF018C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages." 
} ], "id": "CVE-2005-0702", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-07T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14516" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS)- DOM en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.18." } ], "id": "CVE-2023-5320", "lastModified": "2024-11-21T08:41:31.373", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.430", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" }, { "source": "security@huntr.dev", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 01:15
Modified
2024-11-21 08:34
Severity ?
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9F1132-3D27-4D51-AF94-75A8C3DDE21F", "versionEndExcluding": "3.1.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16." } ], "id": "CVE-2023-4006", "lastModified": "2024-11-21T08:34:12.833", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T01:15:09.937", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 16:15
Modified
2024-11-21 07:39
Severity ?
Summary
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1758", "lastModified": "2024-11-21T07:39:50.483", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T16:15:07.367", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-75" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.adminlog.php." } ], "id": "CVE-2017-15731", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-07 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.phpmyfaq.de/security/advisory-2017-04-02 | Vendor Advisory | |
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/security/advisory-2017-04-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FC492F-0DFF-4AD4-9ED1-0587EBECA814", "versionEndIncluding": "2.9.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field." }, { "lang": "es", "value": "inc/PMF/Faq.php en phpMyFAQ en versiones anteriores a 2.9.7 tiene XSS en el campo de pregunta." } ], "id": "CVE-2017-7579", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-07T16:59:00.163", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-16 09:15
Modified
2024-11-21 08:44
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "85E03A12-18B2-4BD1-AC03-9440332134B9", "versionEndExcluding": "3.1.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.17." } ], "id": "CVE-2023-6890", "lastModified": "2024-11-21T08:44:46.293", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-16T09:15:07.470", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` filter, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ\u0027s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP\u0027s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user\u0027s phpMyFAQ session. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El campo `email` en la p\u00e1gina del panel de control de usuario de phpMyFAQ es vulnerable a ataques XSS almacenados debido a la insuficiencia de la funci\u00f3n `FILTER_VALIDATE_EMAIL` de PHP, que solo valida el formato del correo electr\u00f3nico, no su contenido. Esta vulnerabilidad permite a un atacante ejecutar JavaScript arbitrario del lado del cliente dentro del contexto de la sesi\u00f3n phpMyFAQ de otro usuario. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-27300", "lastModified": "2025-01-09T17:16:12.273", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:57.807", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1883", "lastModified": "2024-11-21T07:40:04.850", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.273", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-12-06 15:15
Modified
2025-08-15 18:44
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e., PostgreSQL) server's credentials when the connection to the database fails. This vulnerability is fixed in 4.0.0.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:4.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "3D5A7973-57B0-46D4-8ECE-E824386298D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server\u0027s credential when connection to DB fails. This vulnerability is fixed in 4.0.0." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Antes de la versi\u00f3n 4.0.0, phpMyFAQ expon\u00eda las credenciales del servidor de la base de datos (es decir, PostgreSQL) cuando fallaba la conexi\u00f3n a la base de datos. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 4.0.0." } ], "id": "CVE-2024-54141", "lastModified": "2025-08-15T18:44:17.560", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2024-12-06T15:15:09.530", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1885", "lastModified": "2024-11-21T07:40:05.097", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.370", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-05 20:15
Modified
2024-11-21 07:58
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2550", "lastModified": "2024-11-21T07:58:48.727", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-05T20:15:10.557", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0786", "lastModified": "2024-11-21T07:37:49.993", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.197", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0787", "lastModified": "2024-11-21T07:37:50.117", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.293", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2." }, { "lang": "es", "value": "Caducidad de sesi\u00f3n insuficiente en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.2." } ], "id": "CVE-2023-5865", "lastModified": "2024-11-21T08:42:39.783", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.880", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:01
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` \u0026 `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Se ha descubierto una vulnerabilidad de inyecci\u00f3n SQL en `insertentry` y `saveentry` al modificar registros debido a un escape inadecuado de la direcci\u00f3n de correo electr\u00f3nico. Esto permite que cualquier usuario autenticado con derechos para agregar/editar noticias de preguntas frecuentes aproveche esta vulnerabilidad para filtrar datos, hacerse cargo de cuentas y, en algunos casos, incluso lograr RCE. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-28107", "lastModified": "2025-01-09T17:01:02.587", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.477", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security-advisories@github.com", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-17 08:15
Modified
2024-11-21 07:59
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "972DB9E1-96EB-4DEC-8A58-14DDF7B8A7E2", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "71D0A0BD-EC7D-47C7-8C0F-716EE0843E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." } ], "id": "CVE-2023-2752", "lastModified": "2024-11-21T07:59:13.467", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-17T08:15:08.757", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" }, { "source": "security@huntr.dev", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0312", "lastModified": "2024-11-21T07:36:57.053", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.893", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" }, { "source": "security@huntr.dev", "tags": [ "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Carga sin Restricciones de Archivos con Tipo Peligroso en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8." } ], "id": "CVE-2023-5227", "lastModified": "2024-11-21T08:41:19.890", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.070", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-17 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code." }, { "lang": "es", "value": "phpMyFAQ v2.6.11 y v2.6.12, como los distribuidos entre el 4 y el 15 de diciembre de 2010, contiene una modificaci\u00f3n introducida externamente (Troyano) en el m\u00e9todo getTopTen en inc/faq.php, que permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n." 
} ], "id": "CVE-2010-4558", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-17T19:00:26.557", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42622" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/45442" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/45442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3254" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1882", "lastModified": "2024-11-21T07:40:04.743", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.227", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/ajax.attachment.php y admin/att.main.php." } ], "id": "CVE-2017-15733", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-11 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAB360A-D5DD-4DCA-A0C4-B171302FB531", "versionEndExcluding": "3.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9." }, { "lang": "es", "value": "Cross-Site Scripting (XSS) Reflejados en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.9." } ], "id": "CVE-2022-4407", "lastModified": "2024-11-21T07:35:12.677", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-11T15:15:10.653", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
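Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
[Note: the NVD configuration in the record below lists cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1 with "vulnerable": false, so tooling that matches on CPE alone may not flag the version this summary names; check installed versions against the summary and the vendor advisory as well.]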
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B69808-C3F4-401E-996D-88091203698E", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable." } ], "id": "CVE-2004-2256", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1010190" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/363636" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10377" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1010190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/363636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-30 01:15
Modified
2025-01-30 17:15
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2428", "lastModified": "2025-01-30T17:15:15.810", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-30T01:15:09.493", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1879", "lastModified": "2024-11-21T07:40:04.413", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.083", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS)- almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.18." } ], "id": "CVE-2023-5319", "lastModified": "2024-11-21T08:41:31.243", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.363", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-23 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-15808.md | ||
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php." }, { "lang": "es", "value": "En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Request Forgery (CSRF) en admin/ajax.config.php." } ], "id": "CVE-2017-15808", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-23T17:29:00.487", "references": [ { "source": "cve@mitre.org", "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-15808.md" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-11 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/8b47f38 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/8b47f38 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAB360A-D5DD-4DCA-A0C4-B171302FB531", "versionEndExcluding": "3.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9." }, { "lang": "es", "value": "Cookie confidencial en sesi\u00f3n HTTPS sin atributo \u0027seguro\u0027 en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.9." } ], "id": "CVE-2022-4409", "lastModified": "2024-11-21T07:35:12.927", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-11T15:15:10.803", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-614" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1759", "lastModified": "2024-11-21T07:39:50.590", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.570", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-07 05:29
Modified
2024-11-21 03:53
Severity ?
Summary
phpMyFAQ before 2.9.11 allows CSRF.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Mitigation, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA187D80-7802-4512-809B-E2111C631231", "versionEndExcluding": "2.9.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.11 allows CSRF." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.9.11 permite Cross-Site Request Forgery (CSRF)." } ], "id": "CVE-2018-16650", "lastModified": "2024-11-21T03:53:08.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-07T05:29:00.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-31 11:15
Modified
2024-11-21 07:20
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Cross-Site Scripting (XSS)- Almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n\n" } ], "id": "CVE-2022-3765", "lastModified": "2024-11-21T07:20:12.173", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-31T11:15:10.133", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-05 19:15
Modified
2024-11-21 07:58
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2427", "lastModified": "2024-11-21T07:58:35.980", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-05T19:15:15.687", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-16 09:15
Modified
2024-11-21 08:44
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "85E03A12-18B2-4BD1-AC03-9440332134B9", "versionEndExcluding": "3.1.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.17." } ], "id": "CVE-2023-6889", "lastModified": "2024-11-21T08:44:46.163", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-16T09:15:07.270", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la funci\u00f3n restore." } ], "id": "CVE-2014-6045", "lastModified": "2024-11-21T02:13:40.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:00.750", "references": [ { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F6B11D-C89E-4C4F-A2CA-9CB3F83C8AD3", "versionEndExcluding": "3.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1." }, { "lang": "es", "value": "Cookie confidencial en sesi\u00f3n HTTPS sin atributo \"seguro\" en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.1." } ], "id": "CVE-2023-5866", "lastModified": "2024-11-21T08:42:39.910", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.947", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-614" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-1753)
Published
2023-03-31 01:15
Modified
2024-11-21 07:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N (source: security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1753", "lastModified": "2024-11-21T07:39:49.943", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T01:15:09.160", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-15734)
Published
2017-10-22 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.main.php." } ], "id": "CVE-2017-15734", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.557", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-4040)
Published
2009-11-20 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/37354 | Vendor Advisory | |
cve@mitre.org | http://www.phpmyfaq.de/advisory_2009-09-01.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3241 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37354 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/advisory_2009-09-01.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3241 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A1A9BDB-6778-4F3E-9ABD-3789BC2C0D1C", "versionEndIncluding": "2.0.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "5B26F173-5AB9-482C-8B3F-6424359E7062", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "A4D99DCE-969E-4E2C-8557-DF19F43F7388", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "C1833515-70CA-4B10-A947-5F8E544DA110", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "39A1B3D0-67F3-4F88-9952-D70CD86387B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "matchCriteriaId": "5E802239-AE7E-4C17-A98C-8E685E77B5B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "9E54ADFE-3386-41BC-B08B-DAE967327B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "70079FB1-278D-49A2-8211-E68B7F5F626D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "20020044-2E57-4789-AB98-1B113D523BB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "5D5BB764-1B6F-433F-90A4-8103610E8F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DA60DB45-5CFB-4EB2-ACD7-784B1905F259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "matchCriteriaId": "DBA9BBDE-97D0-4B30-AEBB-69A302630542", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9pl1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC2D031-6C8C-49A2-AF52-7C5FE83989B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B69808-C3F4-401E-996D-88091203698E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "39CA9672-6651-4654-89AB-AF45A3EB2492", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "E47EB76A-2314-4978-A146-C6C73CF018C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "34D1FA39-9778-488F-9582-E37060F3F92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": 
"A62052CA-95C7-43C9-B65B-C2E01EB0EBD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89938096-681A-4D77-8BA2-3F4D0A2424E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "8215A5E3-4780-4E45-8B52-F8D00A71D7D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "6B7087AF-0DBF-4287-9B58-EA0C3F9F9134", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." 
}, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzado (XSS) en phpMyFAQ antes de v2.0.17 y v2.5.x antes de v2.5.2, cuando se utiliza con Internet Explorer v6 o v7, permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de par\u00e1metros no especificados a la p\u00e1gina de b\u00fasqueda." } ], "id": "CVE-2009-4040", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-20T19:30:00.937", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37354" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3241" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-0788)
Published
2023-02-12 14:15
Modified
2025-03-21 19:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (source: security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0788", "lastModified": "2025-03-21T19:15:40.667", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.380", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-6913)
Published
2006-12-31 05:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C6746C-BF52-486F-86DF-C6FFDF8DC80E", "versionEndIncluding": "1.6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en phpMyFAQ 1.6.7 y anteriores permite a atacantes remotos enviar secuencias de comandos PHP de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2006-6913", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21945" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0077" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-0308)
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0308", "lastModified": "2024-11-21T07:36:56.590", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.577", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C6746C-BF52-486F-86DF-C6FFDF8DC80E", "versionEndIncluding": "1.6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en el phpMyFAQ 1.6.7 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores sin especificar." } ], "id": "CVE-2006-6912", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21944" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message." } ], "id": "CVE-2005-3050", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:30
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Al manipular el par\u00e1metro de noticias en una solicitud POST, un atacante puede inyectar c\u00f3digo JavaScript malicioso. Al navegar a la p\u00e1gina de noticias comprometida, se activa la carga \u00fatil XSS. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-28106", "lastModified": "2025-01-09T17:30:11.107", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.263", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The \u0027sharing FAQ\u0027 functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application\u0027s email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La funcionalidad \u0027compartir preguntas frecuentes\u0027 permite a cualquier actor no autenticado hacer un mal uso de la aplicaci\u00f3n phpMyFAQ para enviar correos electr\u00f3nicos arbitrarios a una amplia gama de objetivos. La aplicaci\u00f3n phpMyFAQ tiene una funcionalidad donde cualquiera puede compartir un elemento de preguntas frecuentes con otros. La interfaz de esta funcionalidad permite compartir cualquier art\u00edculo de phpMyFAQ con 5 direcciones de correo electr\u00f3nico. 
Cualquier actor no autenticado puede realizar esta acci\u00f3n. Existe un CAPTCHA, sin embargo, la cantidad de personas a las que env\u00eda correos electr\u00f3nicos con una sola solicitud no est\u00e1 limitada a 5 por el backend. De este modo, un atacante puede resolver un \u00fanico CAPTCHA y enviar miles de correos electr\u00f3nicos a la vez. Un atacante puede utilizar el servidor de correo electr\u00f3nico de la aplicaci\u00f3n objetivo para enviar mensajes de phishing. Esto puede hacer que el servidor est\u00e9 en una lista negra, lo que hace que todos los correos electr\u00f3nicos terminen en spam. Tambi\u00e9n puede provocar da\u00f1os a la reputaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.5." } ], "id": "CVE-2024-22208", "lastModified": "2024-11-21T08:55:48.140", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-05T21:15:11.830", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" 
}, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
jvndb-2014-000015
Vulnerability from jvndb
Published
2014-02-07 12:25
Modified
2014-02-20 14:00
Summary
phpMyFAQ vulnerable to cross-site scripting
Details
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000015.html", "dc:date": "2014-02-20T14:00+09:00", "dcterms:issued": "2014-02-07T12:25+09:00", "dcterms:modified": "2014-02-20T14:00+09:00", "description": "phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000015.html", "sec:cpe": { "#text": "cpe:/a:phpmyfaq:phpmyfaq", "@product": "phpMyFAQ", "@vendor": "phpMyFAQ", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000015", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN30050348/index.html", "@id": "JVN#30050348", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0814", "@id": "CVE-2014-0814", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0814", "@id": "CVE-2014-0814", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "phpMyFAQ vulnerable to cross-site scripting" }
jvndb-2014-000016
Vulnerability from jvndb
Published
2014-02-07 12:26
Modified
2014-02-20 13:58
Summary
phpMyFAQ vulnerable to cross-site request forgery
Details
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000016.html", "dc:date": "2014-02-20T13:58+09:00", "dcterms:issued": "2014-02-07T12:26+09:00", "dcterms:modified": "2014-02-20T13:58+09:00", "description": "phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site reuqest forgery vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000016.html", "sec:cpe": { "#text": "cpe:/a:phpmyfaq:phpmyfaq", "@product": "phpMyFAQ", "@vendor": "phpMyFAQ", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000016", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN50943964/index.html", "@id": "JVN#50943964", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0813", "@id": "CVE-2014-0813", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0813", "@id": "CVE-2014-0813", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" } ], "title": "phpMyFAQ vulnerable to cross-site request forgery" }