Phpmyfaq: >> Phpmyfaq Security Vulnerabilities
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS Score
8.2
EPSS Score
0.002
Published
2022-10-31
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS Score
7.3
EPSS Score
0.052
Published
2022-10-31
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS Score
7.5
EPSS Score
0.035
Published
2022-10-29
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-10-19
phpMyFAQ before 2.9.11 allows CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-09-07
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-09-07
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
CVSS Score
5.3
EPSS Score
0.047
Published
2018-08-28
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
CVSS Score
5.3
EPSS Score
0.06
Published
2018-08-28
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
CVSS Score
2.7
EPSS Score
0.012
Published
2018-08-28
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
CVSS Score
5.3
EPSS Score
0.049
Published
2018-08-28