VYPR

Packagist (Composer) package

thorsten/phpmyfaq

pkg:composer/thorsten/phpmyfaq

Vulnerabilities (89)

  • CVE-2026-35676HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password

  • CVE-2026-35675HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintex

  • CVE-2026-35672HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicio

  • CVE-2026-35671HigMay 28, 2026
    affected < 4.1.3fixed 4.1.3

    phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can

  • CVE-2026-34974MedApr 2, 2026
    affected < 4.1.1fixed 4.1.1

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with edit_faq permission can upload a malic

  • CVE-2026-34973MedApr 2, 2026
    affected < 4.1.1fixed 4.1.1

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does

  • CVE-2026-32629MedApr 2, 2026
    affected < 4.1.1fixed 4.1.1

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML — for example ""@evil.com.

  • CVE-2026-27836Feb 27, 2026
    affected < 4.0.18fixed 4.0.18

    phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers t

  • CVE-2026-24422Jan 24, 2026
    affected < 4.0.17fixed 4.0.17

    phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by

  • CVE-2026-24420Jan 24, 2026
    affected < 4.0.17fixed 4.0.17

    phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of author

  • CVE-2026-24421Jan 24, 2026
    affected < 4.0.17fixed 4.0.17

    phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the

  • CVE-2025-69200Dec 29, 2025
    affected < 4.0.16fixed 4.0.16

    phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains s

  • CVE-2025-68951Dec 29, 2025
    affected >= 4.0.14, < 4.0.16fixed 4.0.16

    phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities.

  • CVE-2023-53929Dec 17, 2025
    affected <= 3.1.12

    phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user

  • CVE-2025-62519Nov 17, 2025
    affected < 4.0.14fixed 4.0.14

    phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Succe

  • CVE-2025-59943Oct 3, 2025
    affected >= 4.0.7, < 4.0.13fixed 4.0.13

    phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier

  • CVE-2024-56199Jan 2, 2025
    affected >= 3.2.10, <= 4.0.1

    phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of th

  • CVE-2024-55889Dec 13, 2024
    affected < 3.2.10fixed 3.2.10

    phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interactio

  • CVE-2024-54141Dec 6, 2024
    affected < 4.0.0fixed 4.0.0

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.

  • CVE-2023-6890Dec 16, 2023
    affected < 3.1.17fixed 3.1.17

    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

Page 1 of 5