VYPR

Packagist (Composer) package

phpmyfaq/phpmyfaq

pkg:composer/phpmyfaq/phpmyfaq

Vulnerabilities (25)

  • CVE-2026-35676HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password

  • CVE-2026-35675HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintex

  • CVE-2026-35672HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicio

  • CVE-2026-35671HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can

  • CVE-2026-34729MedApr 2, 2026
    affected < 4.1.1fixed 4.1.1

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1.

  • CVE-2026-34728HigApr 2, 2026
    affected < 4.1.1fixed 4.1.1

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory

  • CVE-2026-32629MedApr 2, 2026
    affected < 4.1.1fixed 4.1.1

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML — for example ""@evil.com.

  • CVE-2026-24422Jan 24, 2026
    affected < 4.0.17fixed 4.0.17

    phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by

  • CVE-2026-24420Jan 24, 2026
    affected < 4.0.17fixed 4.0.17

    phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of author

  • CVE-2026-24421Jan 24, 2026
    affected < 4.0.17fixed 4.0.17

    phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the

  • CVE-2023-53929Dec 17, 2025
    affected <= 3.1.12

    phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user

  • CVE-2025-62519Nov 17, 2025
    affected < 4.0.14fixed 4.0.14

    phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Succe

  • CVE-2024-56199Jan 2, 2025
    affected >= 3.2.10, <= 4.0.1

    phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of th

  • CVE-2024-29196Mar 26, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability i

  • CVE-2024-29179Mar 25, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.

  • CVE-2024-28108Mar 25, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, re

  • CVE-2024-28107Mar 25, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authe

  • CVE-2024-28106Mar 25, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. Thi

  • CVE-2024-28105Mar 25, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .ph

  • CVE-2024-27300Mar 25, 2024
    affected >= 3.2.5, < 3.2.6fixed 3.2.6

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates

Page 1 of 2