Package impact

php Packagist / thorsten/phpmyfaq

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-35671 high 8.8 8.8 6d ago phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without…
CVE-2026-35676 high 8.2 8.2 6d ago phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Att…
CVE-2026-35675 high 8.2 8.2 6d ago phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verificatio…
CVE-2026-35672 high 7.5 7.5 6d ago phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers c…
CVE-2026-46365 medium 5.4 5.4 19d ago phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, incl…
CVE-2026-46360 medium 5.4 5.4 19d ago phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass san…
CVE-2026-46363 medium 5.4 5.4 19d ago phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authent…
CVE-2026-45009 medium 4.3 4.3 19d ago phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login statu…
CVE-2026-24421 unknown 1.0 4mo ago phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
CVE-2024-55889 unknown 1.0 2y ago thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
CVE-2022-4407 unknown 1.0 4y ago phpMyFAQ vulnerable to Cross-site Scripting
CVE-2022-3766 unknown 1.0 4y ago phpMyFAQ vulnerable to reflected Cross-site Scripting
CVE-2026-34974 unknown 2mo ago phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
CVE-2026-34973 unknown 2mo ago phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
CVE-2026-32629 unknown 2mo ago phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
CVE-2026-27836 unknown 3mo ago phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
CVE-2026-24422 unknown 4mo ago phpMyFAQ: Public API endpoints expose emails and invisible questions
CVE-2026-24420 unknown 4mo ago phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
CVE-2025-69200 unknown 5mo ago phpMyFAQ has unauthenticated config backup download via /api/setup/backup
CVE-2025-68951 unknown 5mo ago phpMyFAQ has Stored XSS in user list via admin-managed display_name
CVE-2023-53929 unknown 6mo ago phpMyFAQ contains a CSV injection vulnerability
CVE-2025-62519 unknown 7mo ago phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
CVE-2025-59943 unknown 8mo ago phpMyFAQ duplicate email registration allows multiple accounts with the same email
CVE-2024-56199 unknown 1y ago phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
CVE-2024-54141 unknown 2y ago phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
CVE-2023-6890 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-6889 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-5865 unknown 3y ago Insufficient Session Expiration in thorsten/phpmyfaq
CVE-2023-5864 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-5867 unknown 3y ago Cross-site Scripting (XSS) in thorsten/phpmyfaq
CVE-2023-5866 unknown 3y ago Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
CVE-2023-5863 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-5317 unknown 3y ago phpMyFaq Cross-site Scripting vulnerability
CVE-2023-5227 unknown 3y ago phpMyFAQ allows unrestricted file types in image field
CVE-2023-5320 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-5319 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-5316 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-4007 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-4006 unknown 3y ago phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
CVE-2023-3469 unknown 3y ago phpMyFAQ Cross-site Scripting
CVE-2023-2998 unknown 3y ago thorsten/phpmyfaq vulnerable to cross-site scripting
CVE-2023-2999 unknown 3y ago thorsten/phpmyfaq vulnerable to cross-site scripting
CVE-2023-2752 unknown 3y ago phpMyFAQ vulnerable to stored Cross-site Scripting
CVE-2023-2753 unknown 3y ago phpMyFAQ vulnerable to stored Cross-site Scripting
CVE-2023-2550 unknown 3y ago Cross Site Scripting in thorsten/phpmyfaq
CVE-2023-2427 unknown 3y ago Cross Site Scripting in thorsten/phpmyfaq
CVE-2023-2429 unknown 3y ago phpMyFAQ Improper Access Control vulnerability
CVE-2023-2428 unknown 3y ago phpMyFAQ vulnerable to Stored Cross-site Scripting
CVE-2023-1875 unknown 3y ago Cross-site Scripting in thorsten/phpmyfaq
CVE-2023-1882 unknown 3y ago thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
CVE-2023-1880 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
CVE-2023-1879 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
CVE-2023-1758 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
CVE-2023-1757 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
CVE-2023-1885 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter
CVE-2023-1883 unknown 3y ago thorsten/phpmyfaq vulnerable to improper access control
CVE-2023-1886 unknown 3y ago thorsten/phpmyfaq vulnerable to authentication bypass
CVE-2023-1756 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
CVE-2023-1878 unknown 3y ago thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
CVE-2023-1884 unknown 3y ago thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
CVE-2023-1887 unknown 3y ago thorsten/phpmyfaq vulnerable to business logic errors
CVE-2023-1753 unknown 3y ago phpMyFAQ has weak password requirements
CVE-2023-1754 unknown 3y ago phpMyFAQ vulnerable to improper input validation
CVE-2023-1759 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-1760 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-1755 unknown 3y ago phpMyFAQ Cross-site Scripting vulnerability
CVE-2023-1761 unknown 3y ago phpMyFAQ Code Injection vulnerability
CVE-2023-1762 unknown 3y ago thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
CVE-2023-0880 unknown 3y ago Misinterpretation of Input in thorsten/phpmyfaq
CVE-2023-0789 unknown 3y ago Command Injection in thorsten/phpmyfaq
CVE-2023-0790 unknown 3y ago Uncaught Exception in thorsten/phpmyfaq
CVE-2023-0794 unknown 3y ago Cross-site Scripting in thorsten/phpmyfaq
CVE-2023-0788 unknown 3y ago Code Injection in thorsten/phpmyfaq
CVE-2023-0791 unknown 3y ago Cross-site Scripting in thorsten/phpmyfaq
CVE-2023-0786 unknown 3y ago Cross-site Scripting in thorsten/phpmyfaq
CVE-2023-0787 unknown 3y ago Cross-site Scripting in thorsten/phpmyfaq
CVE-2023-0792 unknown 3y ago Code Injection in thorsten/phpmyfaq
CVE-2023-0793 unknown 3y ago Weak Password Requirements in thorsten/phpmyfaq
CVE-2023-0306 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-0307 unknown 3y ago phpMyFAQ has Weak Password Requirements
CVE-2023-0308 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-0310 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-0312 unknown 3y ago thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
CVE-2023-0314 unknown 3y ago phpMyFAQ Reflected Cross-site Scripting vulnerability
CVE-2023-0311 unknown 3y ago phpMyFAQ Improper Authentication vulnerability
CVE-2023-0309 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2023-0313 unknown 3y ago phpMyFAQ Stored Cross-site Scripting vulnerability
CVE-2022-4408 unknown 4y ago phpMyFAQ vulnerable to Cross-site Scripting
CVE-2022-4409 unknown 4y ago phpMyFAQ has insecure HTTP cookies
CVE-2022-3765 unknown 4y ago phpMyFAQ vulnerable to stored Cross-site Scripting
CVE-2022-3754 unknown 4y ago phpMyFAQ contains Weak Password Requirements
CVE-2022-3608 unknown 4y ago phpMyFAQ vulnerable to Cross-site Scripting
CVE-2018-16650 unknown 4y ago phpMyFAQ CSRF