Phpmyfaq
by PhpMyAdmin
Source repositories
CVEs (43)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11187 | Critical | 0.64 | 9.8 | 0.00 | | Jul 12, 2017 | phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. |
| CVE-2017-15808 | High | 0.60 | 8.8 | 0.00 | | Oct 23, 2017 | In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. |
| CVE-2017-15735 | High | 0.60 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. |
| CVE-2017-15734 | High | 0.60 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. |
| CVE-2017-15730 | High | 0.60 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. |
| CVE-2026-34728 | High | 0.57 | 8.7 | 0.00 | | Apr 2, 2026 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_CHARS filter only encodes HTML special characters (&, ', ", <, >) and characters with ASCII value < 32, and does not prevent directory traversal sequences like ../. Additionally, the endpoint does not validate CSRF tokens, making it exploitable via CSRF attacks. This issue has been patched in version 4.1.1. |
| CVE-2017-15733 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. |
| CVE-2017-15732 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. |
| CVE-2017-15731 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. |
| CVE-2017-15729 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. |
| CVE-2017-14619 | Medium | 0.43 | 6.1 | 0.01 | | Sep 20, 2017 | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. |
| CVE-2026-34729 | Medium | 0.40 | 6.1 | 0.00 | | Apr 2, 2026 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1. |
| CVE-2026-32629 | Medium | 0.40 | 6.1 | 0.00 | | Apr 2, 2026 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML, for example "<script>alert(1)</script>"@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email as valid. The email is stored in the database without HTML sanitization and later rendered in the admin FAQ editor template using Twig's \|raw filter, which bypasses auto-escaping entirely. This issue has been patched in version 4.1.1. |
| CVE-2017-15809 | Medium | 0.40 | 6.1 | 0.00 | | Oct 23, 2017 | In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. |
| CVE-2017-7579 | Medium | 0.40 | 6.1 | 0.00 | | Apr 7, 2017 | inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. |
| CVE-2017-15727 | Medium | 0.38 | 5.4 | 0.00 | | Oct 22, 2017 | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. |
| CVE-2026-34974 | Medium | 0.35 | 5.4 | 0.00 | | Apr 2, 2026 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from editor to full admin takeover. This issue has been patched in version 4.1.1. |
| CVE-2004-2257 | Medium | 0.35 | 5.3 | 0.01 | | Dec 31, 2004 | phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. |
| CVE-2026-34973 | Medium | 0.34 | 5.3 | 0.00 | | Apr 2, 2026 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records, including content that was not meant to be surfaced, resulting in information disclosure. This issue has been patched in version 4.1.1. |
| CVE-2017-14618 | Medium | 0.34 | 4.8 | 0.01 | | Sep 20, 2017 | Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. |