Phpmyfaq: >> Phpmyfaq >> 1.4_alpha1 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-11-20
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-03-07
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
CVSS Score
5.0
EPSS Score
0.047
Published
2004-12-31