📦 phpMyFAQ
by phpMyFAQ
⚠️ Known Vulnerabilities
This vulnerability in phpMyFAQ allows attackers to maintain access to user sessions beyond intended expiration times. Attackers can hijack sessions to impersonate legitimate users, potentially accessi...
This vulnerability allows attackers to upload malicious files to phpMyFAQ servers due to insufficient file type validation. Affects all phpMyFAQ installations prior to version 3.1.8. Attackers can pot...
CVE-2023-2429 is an improper access control vulnerability in phpMyFAQ that allows attackers to bypass authentication and gain unauthorized access to administrative functions. This affects all phpMyFAQ...
An unauthenticated remote attacker can trigger generation and download of configuration backup ZIP files in vulnerable phpMyFAQ installations. This exposes sensitive database credentials and configura...
CVE-2023-53929 is a CSV injection vulnerability in phpMyFAQ 3.1.12 that allows authenticated users to inject malicious formulas into their profile names. When an administrator exports user data as a C...
An authenticated SQL injection vulnerability in phpMyFAQ allows users with 'Configuration Edit' permissions to execute arbitrary SQL commands. This can lead to full database compromise including data ...
phpMyFAQ versions 4.0-nightly-2025-10-03 and below allow multiple user accounts to be registered with the same email address due to missing uniqueness enforcement. This creates account ambiguity that ...
phpMyFAQ versions before 4.0.0 expose database credentials in error messages when database connection fails. This allows attackers to obtain sensitive database credentials, potentially leading to full...
This vulnerability in phpMyFAQ allows attackers to upload malicious PHP files by manipulating Content-type and lang parameters during category image uploads. Successful exploitation could lead to remo...
A SQL injection vulnerability in phpMyFAQ allows authenticated users with FAQ news editing permissions to execute arbitrary SQL commands. This can lead to data exfiltration, account takeover, and pote...
A SQL injection vulnerability in phpMyFAQ's 'Add News' functionality allows authenticated users with news editing permissions to execute arbitrary SQL commands. This can lead to data exfiltration, acc...
This CVE describes an authentication bypass vulnerability in phpMyFAQ where attackers can replay captured authentication data to gain unauthorized access. It affects all users running phpMyFAQ version...
This CVE describes an improper privilege management vulnerability in phpMyFAQ versions prior to 3.1.12. It allows authenticated users to escalate privileges and perform administrative actions without ...
CVE-2023-0880 is an input misinterpretation vulnerability in phpMyFAQ that allows attackers to manipulate input processing, potentially leading to unauthorized actions or data exposure. It affects all...
This CVE describes a cross-site scripting (XSS) vulnerability in phpMyFAQ software versions prior to 3.1.11. Attackers can inject malicious scripts into web pages viewed by other users, potentially st...
CVE-2023-0788 is a code injection vulnerability in phpMyFAQ that allows attackers to execute arbitrary code on affected systems. This affects all users running phpMyFAQ versions prior to 3.1.11. The v...
CVE-2023-0790 is an uncaught exception vulnerability in phpMyFAQ that can lead to denial of service or information disclosure. Attackers can trigger unhandled exceptions to crash the application or ex...
This CVE describes weak password requirements in phpMyFAQ versions prior to 3.1.11, allowing attackers to more easily guess or brute-force user passwords. It affects all users of phpMyFAQ with default...
This vulnerability in phpMyFAQ exposes sensitive user information through multiple public API endpoints due to insufficient access controls. Attackers can harvest email addresses for phishing campaign...
This vulnerability allows authenticated users without proper permissions to download FAQ attachments in phpMyFAQ due to flawed permission checks. It affects all installations running phpMyFAQ version ...
This vulnerability in phpMyFAQ allows any authenticated user, regardless of permissions, to trigger configuration backups and retrieve the backup file path. Attackers can access sensitive configuratio...
This stored XSS vulnerability in phpMyFAQ allows attackers to inject malicious JavaScript into administrator browsers by registering users with specially crafted display names. When administrators vie...
This vulnerability allows attackers to inject malicious HTML content into the phpMyFAQ editor, disrupting the user interface and potentially causing denial of service. It affects phpMyFAQ installation...
This CVE describes a reflected cross-site scripting (XSS) vulnerability in phpMyFAQ versions prior to 3.1.9. Attackers can inject malicious scripts via crafted URLs that execute in victims' browsers w...