Phpmyfaq
by Packagist
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6046 | 0.03 | — | 0.00 | Aug 28, 2018 | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open… | |||
| CVE-2006-6912 | 0.03 | — | 0.00 | Dec 31, 2006 | SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | |||
| CVE-2023-2428 | 0.00 | — | 0.00 | Apr 30, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | |||
| CVE-2023-1887 | 0.00 | — | 0.00 | Apr 5, 2023 | Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||
| CVE-2023-1883 | 0.00 | — | 0.00 | Apr 5, 2023 | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||
| CVE-2023-1885 | 0.00 | — | 0.00 | Apr 5, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||
| CVE-2023-1760 | 0.00 | — | 0.00 | Mar 31, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||
| CVE-2007-1032 | 0.00 | — | 0.01 | Feb 21, 2007 | Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." | |||
| CVE-2006-6913 | 0.00 | — | 0.01 | Dec 31, 2006 | Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. | |||
| CVE-2005-0702 | 0.00 | — | 0.00 | Mar 7, 2005 | SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. |
- CVE-2014-6046Aug 28, 2018risk 0.03cvss —epss 0.00
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open…
- CVE-2006-6912Dec 31, 2006risk 0.03cvss —epss 0.00
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
- CVE-2023-2428Apr 30, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
- CVE-2023-1887Apr 5, 2023risk 0.00cvss —epss 0.00
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
- CVE-2023-1883Apr 5, 2023risk 0.00cvss —epss 0.00
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
- CVE-2023-1885Apr 5, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
- CVE-2023-1760Mar 31, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
- CVE-2007-1032Feb 21, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
- CVE-2006-6913Dec 31, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
- CVE-2005-0702Mar 7, 2005risk 0.00cvss —epss 0.00
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.