Vulnerabilities related to phpMyFAQ - phpMyFAQ
cve-2023-0791
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2023-12-18T10:21:32.616Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" } ], "source": { "advisory": "7152b340-c6f3-4ac8-9f62-f764a267488d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0791", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5865
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-17 13:35
Summary
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5865", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T14:18:18.925983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:35:48.990Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:40.896Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" } ], "source": { "advisory": "4c4b7395-d9fd-4ca0-98d7-2e20c1249aff", "discovery": "EXTERNAL" }, "title": "Insufficient Session Expiration in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5865", "datePublished": "2023-10-31T00:00:40.896Z", "dateReserved": "2023-10-31T00:00:36.972Z", "dateUpdated": "2024-09-17T13:35:48.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4408
Vulnerability from cvelistv5
Published
2022-12-11 00:00
Modified
2024-08-03 01:41
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-11T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" } ], "source": { "advisory": "2ec4ddd4-de22-4f2d-ba92-3382b452bfea", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2022-4408", "datePublished": "2022-12-11T00:00:00", "dateReserved": "2022-12-11T00:00:00", "dateUpdated": "2024-08-03T01:41:44.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4006
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-11 19:41
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.16 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-4006", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T19:40:23.540532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T19:41:41.559Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:20.202Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" } ], "source": { "advisory": "36149a42-cbd5-445e-a371-e351c899b189", "discovery": "EXTERNAL" }, "title": "Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-4006", "datePublished": "2023-07-31T00:00:20.202Z", "dateReserved": "2023-07-31T00:00:06.865Z", "dateUpdated": "2024-10-11T19:41:41.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28106
Vulnerability from cvelistv5
Published
2024-03-25 18:41
Modified
2024-08-02 00:48
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
References
| URL | Tags |
|---|---|
| https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r | x_refsource_CONFIRM |
| https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28106", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T00:06:05.995106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T00:07:06.693Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:41:58.260Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" } ], "source": { "advisory": "GHSA-6p68-36m6-392r", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored XSS at FAQ News Content" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28106", "datePublished": "2024-03-25T18:41:58.260Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-02T00:48:49.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1879
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:39
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1879", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:39:54.596656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:39:58.404Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" } ], "source": { "advisory": "1dc7f818-c8ea-4f80-b000-31b48a426334", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1879", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T20:39:58.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0787
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2023-12-18T10:21:00.832Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" } ], "source": { "advisory": "87397c71-7b84-4617-a66e-fa6c73be9024", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0787", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6047
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
References
| URL | Tags |
|---|---|
| http://techdefencelabs.com/security-advisories.html | x_refsource_MISC |
| https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6047", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6913
Vulnerability from cvelistv5
Published
2007-01-09 18:00
Modified
2024-08-07 20:42
Summary
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21945 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/23651 | third-party-advisory, x_refsource_SECUNIA |
| http://www.phpmyfaq.de/advisory_2006-12-15.php | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0077 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21945" }, { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0077" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-01-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21945" }, { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0077" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21945" }, { "name": "23651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23651" }, { "name": "http://www.phpmyfaq.de/advisory_2006-12-15.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0077" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6913", "datePublished": "2007-01-09T18:00:00", "dateReserved": "2007-01-09T00:00:00", "dateUpdated": "2024-08-07T20:42:07.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6912
Vulnerability from cvelistv5
Published
2007-01-09 18:00
Modified
2024-08-07 20:42
Summary
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23651 | third-party-advisory, x_refsource_SECUNIA |
| http://www.phpmyfaq.de/advisory_2006-12-15.php | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0077 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32802 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/21944 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "name": "phpmyfaq-attachment-sql-injection(32802)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "name": "21944", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23651" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "name": "phpmyfaq-attachment-sql-injection(32802)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "name": "21944", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23651" }, { "name": "http://www.phpmyfaq.de/advisory_2006-12-15.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "name": "ADV-2007-0077", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "name": "phpmyfaq-attachment-sql-injection(32802)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "name": "21944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6912", "datePublished": "2007-01-09T18:00:00", "dateReserved": "2007-01-09T00:00:00", "dateUpdated": "2024-08-07T20:42:07.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0880
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2024-08-02 05:24
Summary
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMisinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-115", "description": "CWE-115 Misinterpretation of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:11:04.242Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": 
"@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" } ], "source": { "advisory": "14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c", "discovery": "EXTERNAL" }, "title": "Misinterpretation of Input in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0880", "datePublished": "2023-02-17T00:00:00", "dateReserved": "2023-02-17T00:00:00", "dateUpdated": "2024-08-02T05:24:34.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1880
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:50
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1880", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:50:31.123886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:50:34.904Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" } ], "source": { "advisory": "ece5f051-674e-4919-b998-594714910f9e", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1880", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:50:34.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0702
Vulnerability from cvelistv5
Published
2005-03-09 05:00
Modified
2024-08-07 21:21
Summary
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
References
URL | Tags
---|---
http://secunia.com/advisories/14516 | third-party-advisory, x_refsource_SECUNIA
http://www.phpmyfaq.de/advisory_2005-03-06.php | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14516" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-15T16:39:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14516" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14516" }, { "name": "http://www.phpmyfaq.de/advisory_2005-03-06.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0702", "datePublished": "2005-03-09T05:00:00", "dateReserved": "2005-03-09T00:00:00", "dateUpdated": "2024-08-07T21:21:06.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29179
Vulnerability from cvelistv5
Published
2024-03-25 20:27
Modified
2024-08-02 01:10
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
References
URL | Tags
---|---
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29179", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T17:47:56.549461Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T17:48:07.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:10:54.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T20:27:55.083Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" } ], "source": { "advisory": "GHSA-hm8r-95g3-5hj9", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored Cross-site Scripting at File Attachments" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29179", "datePublished": "2024-03-25T20:27:55.083Z", "dateReserved": "2024-03-18T17:07:00.092Z", "dateUpdated": "2024-08-02T01:10:54.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15727
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-08-05 20:04
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
References
URL | Tags
---|---
https://www.exploit-db.com/exploits/43063/ | exploit, x_refsource_EXPLOIT-DB
https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43063", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43063/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "43063", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43063/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "43063", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43063/" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15727", "datePublished": "2017-10-21T22:00:00", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-08-05T20:04:49.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2429
Vulnerability from cvelistv5
Published
2023-04-30 00:00
Modified
2025-01-30 16:57
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.13
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:15.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2429", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T16:57:44.620937Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T16:57:49.760Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-30T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" } ], "source": { "advisory": "20d3a0b3-2693-4bf1-b196-10741201a540", "discovery": "EXTERNAL" }, "title": "Improper Access Control in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2429", "datePublished": "2023-04-30T00:00:00.000Z", "dateReserved": "2023-04-30T00:00:00.000Z", "dateUpdated": "2025-01-30T16:57:49.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5866
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 19:57
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5866", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T19:56:51.380216Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T19:57:57.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-614", "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:42.138Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" } ], "source": { "advisory": "ec44bcba-ae7f-497a-851e-8165ecf56945", "discovery": "EXTERNAL" }, "title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5866", "datePublished": "2023-10-31T00:00:42.138Z", "dateReserved": "2023-10-31T00:00:37.064Z", "dateUpdated": "2024-09-05T19:57:57.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4040
Vulnerability from cvelistv5
Published
2009-11-20 19:00
Modified
2024-09-16 16:23
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
References
URL | Tags
---|---
http://www.vupen.com/english/advisories/2009/3241 | vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37354 | third-party-advisory, x_refsource_SECUNIA
http://www.phpmyfaq.de/advisory_2009-09-01.php | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:51.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3241", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "name": "37354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37354" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-11-20T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-3241", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "name": "37354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37354" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-3241", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "name": "37354", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37354" }, { "name": "http://www.phpmyfaq.de/advisory_2009-09-01.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4040", "datePublished": "2009-11-20T19:00:00Z", "dateReserved": "2009-11-20T00:00:00Z", "dateUpdated": "2024-09-16T16:23:01.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1887
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:46
Summary
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1887", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:46:37.018056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:46:42.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "CWE-840 Business Logic Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" } ], "source": { "advisory": "e4a58835-96b5-412c-a17e-3ceed30231e1", "discovery": "EXTERNAL" }, "title": "Business Logic Errors in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1887", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:46:42.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24574
Vulnerability from cvelistv5
Published
2024-02-05 20:57
Modified
2024-08-01 23:19
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.
References
URL | Tags
---|---
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx | x_refsource_CONFIRM
https://github.com/thorsten/phpMyFAQ/pull/2827 | x_refsource_MISC
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:19:52.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "name": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T20:57:13.115Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "name": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" } ], "source": { "advisory": "GHSA-7m8g-fprr-47fx", "discovery": "UNKNOWN" }, "title": "phpMyFAQ vulnerable to stored XSS on attachments filename" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24574", "datePublished": "2024-02-05T20:57:13.115Z", "dateReserved": "2024-01-25T15:09:40.211Z", "dateUpdated": "2024-08-01T23:19:52.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2017-14619
Vulnerability from cvelistv5
Published
2017-09-20 21:00
Modified
2024-08-05 19:34
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
References
URL | Tags |
---|---|
https://www.exploit-db.com/exploits/42987/ | exploit, x_refsource_EXPLOIT-DB |
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86 | x_refsource_MISC |
http://www.phpmyfaq.de/security/advisory-2017-10-19 | x_refsource_CONFIRM |
https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:39.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "42987", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42987/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the \"Title of your FAQ\" field in the Configuration Module." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-20T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "42987", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42987/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14619", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the \"Title of your FAQ\" field in the Configuration Module." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "42987", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42987/" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86", "refsource": "MISC", "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "name": "http://www.phpmyfaq.de/security/advisory-2017-10-19", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "name": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14619", "datePublished": "2017-09-20T21:00:00", "dateReserved": "2017-09-20T00:00:00", "dateUpdated": "2024-08-05T19:34:39.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3783
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-16 20:46
Summary
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
References
URL | Tags |
---|---|
http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13 | x_refsource_MISC |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:03.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-24T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3783", "datePublished": "2011-09-24T00:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-16T20:46:39.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0311
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Severity: 5.3 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, as scored by the CNA in the record below)
Summary
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" } ], "source": { "advisory": "82b0b629-c56b-4651-af3f-17f749751857", "discovery": "EXTERNAL" }, "title": "Improper Authentication in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0311", "datePublished": "2023-01-15T00:00:00", "dateReserved": 
"2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15808
Vulnerability from cvelistv5
Published
2017-10-23 17:00
Modified
2024-09-16 18:33
Summary
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
References
URL | Tags |
---|---|
https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:50.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-23T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15808", "datePublished": "2017-10-23T17:00:00Z", "dateReserved": "2017-10-23T00:00:00Z", "dateUpdated": "2024-09-16T18:33:54.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0312
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Severity: 8.6 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, as scored by the CNA in the record below)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" } ], "source": { "advisory": "f50ec8d1-cd60-4c2d-9ab8-3711870d83b9", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0312", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15734
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 19:21
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
References
URL | Tags |
---|---|
https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15734", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T19:21:09.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0792
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Severity: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, as scored by the CNA in the record below)
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCode Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:07:27.626Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, 
"references": [ { "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" } ], "source": { "advisory": "9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f", "discovery": "EXTERNAL" }, "title": " Code Injection in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0792", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1884
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:48
Severity: 4.7 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L, as scored by the CNA in the record below)
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1884", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:48:00.568439Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:48:05.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" } ], "source": { "advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1884", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:48:05.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1755
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:59
Severity: 8.4 HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H, as scored by the CNA in the record below)
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:24.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1755", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:59:13.887819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:59:18.867Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" } ], "source": { "advisory": "882ffa07-5397-4dbb-886f-4626859d711a", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1755", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:59:18.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1762
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-12 16:00
Severity: 7.2 HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, as scored by the CNA in the record below)
Summary
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1762", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-12T16:00:40.018945Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T16:00:48.751Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" } ], "source": { "advisory": "3c2374cc-7082-44b7-a6a6-ccff7a650a3a", "discovery": "EXTERNAL" }, "title": "Improper Privilege Management in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1762", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-12T16:00:48.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2427
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-01-29 17:53
Severity: 6.1 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, as scored by the CNA in the record below)
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:15.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2427", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T17:53:09.198182Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-29T17:53:14.630Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" } ], "source": { "advisory": "89005a6d-d019-4cb7-ae88-486d2d44190d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2427", "datePublished": "2023-05-05T00:00:00.000Z", "dateReserved": "2023-04-30T00:00:00.000Z", "dateUpdated": "2025-01-29T17:53:14.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1882
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:49
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1882", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:49:38.473966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:49:42.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" } ], "source": { "advisory": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1882", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:49:42.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1760
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:45
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1760", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:44:48.135653Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:45:03.435Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" } ], "source": { "advisory": "2d0ac48a-490d-4548-8d98-7447042dd1b5", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1760", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:45:03.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4407
Vulnerability from cvelistv5
Published
2022-12-11 00:00
Modified
2024-08-03 01:41
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.9
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-11T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" } ], "source": { "advisory": "a1649f43-78c9-4927-b313-36911872a84b", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2022-4407", "datePublished": "2022-12-11T00:00:00", "dateReserved": "2022-12-11T00:00:00", "dateUpdated": "2024-08-03T01:41:44.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5317
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:17
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.18
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5317", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:17:14.408970Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:17:37.655Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:17.363Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" } ], "source": { "advisory": "5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5317", "datePublished": "2023-09-30T00:00:17.363Z", "dateReserved": "2023-09-30T00:00:06.550Z", "dateUpdated": "2024-09-23T16:17:37.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5867
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-08-02 08:14
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.2.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:41.524Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" } ], "source": { "advisory": "5c09b32e-a041-4a1e-a277-eb3e80967df0", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2023-5867", "datePublished": "2023-10-31T00:00:41.524Z", "dateReserved": "2023-10-31T00:00:37.828Z", "dateUpdated": "2024-08-02T08:14:24.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2255
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Summary
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
References
URL | Tags
---|---
http://www.phpmyfaq.de/advisory_2004-05-18.php | x_refsource_CONFIRM
http://www.securityfocus.com/bid/10374 | vdb-entry, x_refsource_BID
http://securitytracker.com/id?1010190 | vdb-entry, x_refsource_SECTRACK
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html | mailing-list, x_refsource_FULLDISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/16177 | vdb-entry, x_refsource_XF
http://www.osvdb.org/6300 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/11640 | third-party-advisory, x_refsource_SECUNIA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "10374", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10374" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "phpmyfaq-file-include(16177)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "name": "6300", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6300" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11640" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "10374", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10374" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "phpmyfaq-file-include(16177)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "name": "6300", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6300" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11640" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/advisory_2004-05-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "10374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10374" }, { "name": "1010190", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "phpmyfaq-file-include(16177)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "name": "6300", "refsource": "OSVDB", "url": "http://www.osvdb.org/6300" }, { "name": "11640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11640" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2255", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2024-08-08T01:22:13.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15728
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 22:36
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
References
URL | Tags
---|---
https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15728", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T22:36:00.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28105
Vulnerability from cvelistv5
Published
2024-03-25 18:35
Modified
2024-08-13 14:20
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.
References
URL | Tags
---|---
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf | x_refsource_CONFIRM
https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:48.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "3.2.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28105", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T19:39:05.423520Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T14:20:12.592Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:35:05.202Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" } ], "source": { "advisory": "GHSA-pwh2-fpfr-x5gf", "discovery": "UNKNOWN" }, "title": "phpMyFAQ\u0027s File Upload Bypass at Category Image Leads to RCE" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28105", "datePublished": "2024-03-25T18:35:05.202Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-13T14:20:12.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0790
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | unspecified < 3.1.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eUncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:07:53.604Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, 
"references": [ { "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" } ], "source": { "advisory": "06af150b-b481-4248-9a48-56ded2814156", "discovery": "EXTERNAL" }, "title": "Uncaught Exception in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0790", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4409
Vulnerability from cvelistv5
Published
2022-12-11 00:00
Modified
2024-08-03 01:41
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-614", "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-11T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" } ], "source": { "advisory": "5915ed4c-5fe2-42e7-8fac-5dd0d032727c", "discovery": "EXTERNAL" }, "title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": 
"CVE-2022-4409", "datePublished": "2022-12-11T00:00:00", "dateReserved": "2022-12-11T00:00:00", "dateUpdated": "2024-08-03T01:41:44.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1756
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:43
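Severity: 4.7 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L), the CNA score from the record below; CISA ADP SSVC: Exploitation none, Automatable no, Technical Impact partial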
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.007Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1756", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:43:35.013125Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:43:41.051Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:28:50.812Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" } ], "source": { "advisory": "e495b443-b328-42f5-aed5-d68b929b4cb9", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1756", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-10T20:43:41.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0310
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Severity: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the CNA score from the record below
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" } ], "source": { "advisory": "051d5e20-7fab-4769-bd7d-d986b804bb5a", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2023-0310", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0313
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Severity: 4.7 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L), the CNA score from the record below
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" } ], "source": { "advisory": "bc27e84b-1f91-4e1b-a78c-944edeba8256", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0313", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15731
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 19:00
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
References
URL | Tags |
---|---|
https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15731", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T19:00:35.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3046
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
Summary
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
References
URL | Tags |
---|---|
http://rgod.altervista.org/phpmyfuck151.html | x_refsource_MISC |
http://marc.info/?l=bugtraq&m=112749230124091&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain 
administrator privileges via the user field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3046", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0314
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Severity: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L), the CNA score from the record below
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" } ], "source": { "advisory": "eac0a9d7-9721-4191-bef3-d43b0df59c67", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2023-0314", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1759
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:45
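Severity: 4.7 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L), the CNA score from the record below; CISA ADP SSVC: Exploitation poc, Automatable no, Technical Impact partial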
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1759", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:45:28.099687Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:45:36.906Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-31T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" } ], "source": { "advisory": "e8109aed-d364-4c0c-9545-4de0347b10e1", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1759", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:45:36.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0813
Vulnerability from cvelistv5
Published
2014-02-14 16:00
Modified
2024-08-06 09:27
Summary
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
References
URL | Tags |
---|---|
http://jvn.jp/en/jp/JVN50943964/index.html | third-party-advisory, x_refsource_JVN |
http://osvdb.org/102939 | vdb-entry, x_refsource_OSVDB |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016 | third-party-advisory, x_refsource_JVNDB |
http://www.securityfocus.com/bid/65368 | vdb-entry, x_refsource_BID |
http://www.phpmyfaq.de/advisory_2014-02-04.php | x_refsource_CONFIRM |
http://secunia.com/advisories/56006 | third-party-advisory, x_refsource_SECUNIA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90963 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#50943964", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "name": "102939", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102939" }, { "name": "JVNDB-2014-000016", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56006" }, { "name": "phpmyfaq-cve20140813-csrf(90963)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#50943964", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "name": "102939", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102939" }, { "name": "JVNDB-2014-000016", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56006" }, { "name": "phpmyfaq-cve20140813-csrf(90963)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#50943964", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "name": "102939", "refsource": "OSVDB", "url": "http://osvdb.org/102939" }, { "name": "JVNDB-2014-000016", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "name": "65368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65368" }, { "name": "http://www.phpmyfaq.de/advisory_2014-02-04.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56006" }, { "name": "phpmyfaq-cve20140813-csrf(90963)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0813", "datePublished": "2014-02-14T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16650
Vulnerability from cvelistv5
Published
2018-09-07 05:00
Modified
2024-08-05 10:32
Summary
phpMyFAQ before 2.9.11 allows CSRF.
References
URL | Tags |
---|---|
https://www.phpmyfaq.de/security/advisory-2018-09-02 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:53.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.11 allows CSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-07T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.9.11 allows CSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.phpmyfaq.de/security/advisory-2018-09-02", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16650", "datePublished": "2018-09-07T05:00:00", "dateReserved": "2018-09-06T00:00:00", "dateUpdated": "2024-08-05T10:32:53.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1878
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:40
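Severity: 8.3 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L), the CNA score from the record below; CISA ADP SSVC: Exploitation poc, Automatable no, Technical Impact total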
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1878", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:40:29.203819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:40:33.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" } ], "source": { "advisory": "93f981a3-231d-460d-a239-bb960e8c2fdc", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1878", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T20:40:33.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7579
Vulnerability from cvelistv5
Published
2017-04-07 16:00
Modified
2024-08-05 16:04
Summary
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
References
URL | Tags
---|---
http://www.phpmyfaq.de/security/advisory-2017-04-02 | x_refsource_CONFIRM
https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:12.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7579", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/security/advisory-2017-04-02", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7579", "datePublished": "2017-04-07T16:00:00", "dateReserved": "2017-04-07T00:00:00", "dateUpdated": "2024-08-05T16:04:12.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5864
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-17 13:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5864", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T13:54:56.451025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:55:06.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:19.789Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" } ], "source": { "advisory": "e4b0e8f4-5e06-49d1-832f-5756573623ad", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5864", "datePublished": "2023-10-31T00:00:19.789Z", "dateReserved": "2023-10-31T00:00:07.416Z", "dateUpdated": "2024-09-17T13:55:06.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3765
Vulnerability from cvelistv5
Published
2022-10-31 00:00
Modified
2024-08-03 01:20
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" } ], "source": { "advisory": "613143a1-8e51-449a-b214-12458308835d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2022-3765", "datePublished": "2022-10-31T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T01:20:57.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5319
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:08
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.18
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5319", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:08:29.586177Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:08:54.276Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:16.272Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" } ], "source": { "advisory": "e2542cbe-41ab-4a90-b6a4-191884c1834d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5319", "datePublished": "2023-09-30T00:00:16.272Z", "dateReserved": "2023-09-30T00:00:06.956Z", "dateUpdated": "2024-09-23T16:08:54.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1875
Vulnerability from cvelistv5
Published
2023-04-22 00:00
Modified
2025-02-04 19:36
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1875", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T19:36:40.753153Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T19:36:45.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:12:33.630Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" } ], "source": { "advisory": "39715aaf-e798-4c60-97c4-45f4f2cd5c61", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1875", "datePublished": "2023-04-22T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-04T19:36:45.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0814
Vulnerability from cvelistv5
Published
2014-02-14 16:00
Modified
2024-08-06 09:27
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags
---|---
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015 | third-party-advisory, x_refsource_JVNDB
http://www.securityfocus.com/bid/65368 | vdb-entry, x_refsource_BID
http://www.phpmyfaq.de/advisory_2014-02-04.php | x_refsource_CONFIRM
http://secunia.com/advisories/56006 | third-party-advisory, x_refsource_SECUNIA
http://jvn.jp/en/jp/JVN30050348/index.html | third-party-advisory, x_refsource_JVN
http://osvdb.org/102940 | vdb-entry, x_refsource_OSVDB
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2014-000015", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56006" }, { "name": "JVN#30050348", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "name": "102940", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-18T17:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2014-000015", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "name": "65368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56006" }, { "name": "JVN#30050348", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "name": "102940", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102940" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2014-000015", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "name": "65368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65368" }, { "name": "http://www.phpmyfaq.de/advisory_2014-02-04.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "name": "56006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56006" }, { "name": "JVN#30050348", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "name": "102940", "refsource": "OSVDB", "url": "http://osvdb.org/102940" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0814", "datePublished": "2014-02-14T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5227
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:12
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5227", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:11:37.575536Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:12:25.814Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:15.175Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" } ], "source": { "advisory": "a335c013-db75-4120-872c-42059c7100e8", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5227", "datePublished": "2023-09-30T00:00:15.175Z", "dateReserved": "2023-09-27T13:07:57.342Z", "dateUpdated": "2024-09-23T16:12:25.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6890
Vulnerability from cvelistv5
Published
2023-12-16 08:57
Modified
2024-08-02 08:42
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.17
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.17", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-08T09:53:40.635Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" } ], "source": { "advisory": "2cf11678-8793-4fa1-b21a-f135564a105d", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntr_ai", "cveId": "CVE-2023-6890", "datePublished": "2023-12-16T08:57:31.033Z", "dateReserved": "2023-12-16T08:57:21.686Z", "dateUpdated": "2024-08-02T08:42:08.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0309
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version
---|---|---
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:54.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" } ], "source": { "advisory": "c03c5925-43ff-450d-9827-2b65a3307ed6", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0309", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:54.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6050
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
Summary
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
References
URL | Tags
---|---
http://techdefencelabs.com/security-advisories.html | x_refsource_MISC
https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6050", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1032
Vulnerability from cvelistv5
Published
2007-02-21 11:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/32573 | vdb-entry, x_refsource_XF | |
http://www.phpmyfaq.de/advisory_2007-02-18.php | x_refsource_CONFIRM | |
http://osvdb.org/32603 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/24230 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpmyfaq-php-file-upload(32573)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "name": "32603", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32603" }, { "name": "24230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to \"gain the privilege for uploading files on the server.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpmyfaq-php-file-upload(32573)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "name": "32603", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32603" }, { "name": "24230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1032", "STATE": "PUBLIC" 
}, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to \"gain the privilege for uploading files on the server.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpmyfaq-php-file-upload(32573)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "name": "http://www.phpmyfaq.de/advisory_2007-02-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "name": "32603", "refsource": "OSVDB", "url": "http://osvdb.org/32603" }, { "name": "24230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24230" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1032", "datePublished": "2007-02-21T11:00:00", "dateReserved": "2007-02-20T00:00:00", "dateUpdated": "2024-08-07T12:43:22.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15730
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-08-05 20:04
Severity ?
EPSS score ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/43064/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "name": "43064", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43064/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "name": "43064", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43064/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "name": "43064", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43064/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15730", "datePublished": "2017-10-21T22:00:00", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-08-05T20:04:49.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27299
Vulnerability from cvelistv5
Published
2024-03-25 18:26
Modified
2024-08-02 00:28
Severity ?
EPSS score ?
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerability lies in the `authorEmail` field, which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient to protect against SQL injection attacks, so the value should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw | x_refsource_CONFIRM | |
https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011 | x_refsource_MISC | |
https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27299", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T19:29:00.738237Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:47:17.982Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:28:00.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "name": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. 
The vulnerable field lies in the `authorEmail` field which uses PHP\u0027s `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:26:14.879Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "name": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing", "tags": [ "x_refsource_MISC" ], "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" } ], "source": { "advisory": "GHSA-qgxx-4xv5-6hcw", "discovery": "UNKNOWN" }, "title": "phpMyFAQ SQL Injection at \"Save News\"" } }, "cveMetadata": 
{ "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27299", "datePublished": "2024-03-25T18:26:14.879Z", "dateReserved": "2024-02-22T18:08:38.875Z", "dateUpdated": "2024-08-02T00:28:00.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28107
Vulnerability from cvelistv5
Published
2024-03-25 18:47
Modified
2024-08-02 00:48
Severity ?
EPSS score ?
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in `insertentry` & `saveentry` when modifying records, due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r | x_refsource_CONFIRM | |
https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.25" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28107", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-26T19:30:27.977635Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T17:50:55.118Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` \u0026 `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. 
This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:47:12.328Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" } ], "source": { "advisory": "GHSA-2grw-mc9r-822r", "discovery": "UNKNOWN" }, "title": "phpMyFAQ SQL injections at insertentry \u0026 saveentry" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28107", "datePublished": "2024-03-25T18:47:12.328Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-02T00:48:49.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29196
Vulnerability from cvelistv5
Published
2024-03-26 03:01
Modified
2024-08-05 16:29
Severity ?
EPSS score ?
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72 | x_refsource_CONFIRM | |
https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:10:54.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "3.2.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-29196", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T16:25:22.893037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-05T16:29:28.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "= 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-26T03:01:36.890Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" } ], "source": { "advisory": "GHSA-mmh6-5cpf-2c72", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Path Traversal in Attachments" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29196", "datePublished": "2024-03-26T03:01:36.890Z", "dateReserved": "2024-03-18T17:07:00.095Z", "dateUpdated": "2024-08-05T16:29:28.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15733
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-17 02:56
Severity ?
EPSS score ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15733", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-17T02:56:40.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3049
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/16933 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/14930 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/19670 | vdb-entry, x_refsource_OSVDB | |
http://rgod.altervista.org/phpmyfuck151.html | x_refsource_MISC | |
http://marc.info/?l=bugtraq&m=112749230124091&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22405 | vdb-entry, x_refsource_XF | |
http://securitytracker.com/id?1014968 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16933" }, { "name": "14930", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14930" }, { "name": "19670", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19670" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "name": "phpmyfaq-log-user-information-disclosure(22405)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "name": "1014968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16933" }, { "name": "14930", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14930" }, { "name": "19670", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19670" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "name": "phpmyfaq-log-user-information-disclosure(22405)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "name": "1014968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16933" }, { "name": "14930", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14930" }, { "name": "19670", "refsource": "OSVDB", "url": "http://www.osvdb.org/19670" }, { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "name": "phpmyfaq-log-user-information-disclosure(22405)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "name": "1014968", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014968" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3049", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1883
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:49
Severity ?
EPSS score ?
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1883", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:49:04.037939Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:49:15.168Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" } ], "source": { "advisory": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191", "discovery": "EXTERNAL" }, "title": "Improper Access Control in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1883", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:49:15.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1886
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:47
Summary
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1886", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:47:06.330454Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:47:10.916Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:11:46.085Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" } ], "source": { "advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", "discovery": "EXTERNAL" }, "title": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1886", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:47:10.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0308
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:54.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" } ], "source": { "advisory": "83cfed62-af8b-4aaa-94f2-5a33dc0c2d69", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0308", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:54.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1758
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:42
Summary
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:24.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1758", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:42:37.059518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:42:40.540Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-75", "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" } ], "source": { "advisory": "0854328e-eb00-41a3-9573-8da8f00e369c", "discovery": "EXTERNAL" }, "title": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1758", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-10T20:42:40.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2550
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-02-12 16:30
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.767Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2550", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T17:14:20.097724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T16:30:39.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" } ], "source": { "advisory": "840c8d91-c97e-4116-a9f8-4ab1a38d239b", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2550", "datePublished": "2023-05-05T00:00:00.000Z", "dateReserved": "2023-05-05T00:00:00.000Z", "dateUpdated": "2025-02-12T16:30:39.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2428
Vulnerability from cvelistv5
Published
2023-04-30 00:00
Modified
2025-01-30 16:58
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:15.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2428", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T16:58:27.839199Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T16:58:31.104Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-30T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" } ], "source": { "advisory": "cee65b6d-b003-4e6a-9d14-89aa94bee43e", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2428", "datePublished": "2023-04-30T00:00:00.000Z", "dateReserved": "2023-04-30T00:00:00.000Z", "dateUpdated": "2025-01-30T16:58:31.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2257
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2025-01-16 19:34
Summary
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
References
URL | Tags |
---|---|
http://www.osvdb.org/8240 | vdb-entry, x_refsource_OSVDB |
http://securitytracker.com/id?1010795 | vdb-entry, x_refsource_SECTRACK |
http://secunia.com/advisories/12085 | third-party-advisory, x_refsource_SECUNIA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16814 | vdb-entry, x_refsource_XF |
http://www.phpmyfaq.de/advisory_2004-07-27.php | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/10813 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8240", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/8240" }, { "name": "1010795", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010795" }, { "name": "12085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12085" }, { "name": "phpmyfaq-authentication-bypass(16814)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "name": "10813", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10813" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2004-2257", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-30T16:36:54.394607Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-425", "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T19:34:58.763Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": 
"CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8240", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/8240" }, { "name": "1010795", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010795" }, { "name": "12085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12085" }, { "name": "phpmyfaq-authentication-bypass(16814)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "name": "10813", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10813" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8240", "refsource": "OSVDB", "url": "http://www.osvdb.org/8240" }, { "name": "1010795", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010795" }, { "name": "12085", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12085" }, { "name": "phpmyfaq-authentication-bypass(16814)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "name": "http://www.phpmyfaq.de/advisory_2004-07-27.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "name": "10813", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10813" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2257", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2025-01-16T19:34:58.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2998
Vulnerability from cvelistv5
Published
2023-05-31 00:00
Modified
2025-01-10 16:26
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.14 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2998", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T16:26:29.735477Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-10T16:26:40.740Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-31T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" } ], "source": { "advisory": "8282d78e-f399-4bf4-8403-f39103a31e78", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2998", "datePublished": "2023-05-31T00:00:00", "dateReserved": "2023-05-31T00:00:00", "dateUpdated": "2025-01-10T16:26:40.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3766
Vulnerability from cvelistv5
Published
2022-10-31 00:00
Modified
2024-08-03 01:20
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" } ], "source": { "advisory": "d9666520-4ff5-43bb-aacf-50c8e5570983", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2022-3766", "datePublished": "2022-10-31T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T01:20:57.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2753
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2025-01-22 18:09
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.0-beta |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2753", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:09:09.941988Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:09:14.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-beta", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" } ], "source": { "advisory": "eca2284d-e81a-4ab8-91bb-7afeca557628", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2753", "datePublished": "2023-05-17T00:00:00.000Z", "dateReserved": "2023-05-17T00:00:00.000Z", "dateUpdated": "2025-01-22T18:09:14.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6048
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
Summary
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
References
URL | Tags |
---|---|
http://techdefencelabs.com/security-advisories.html | x_refsource_MISC |
https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6048", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15732
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-17 02:57
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15732", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-17T02:57:40.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2752
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2025-01-22 17:21
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.2.0-beta |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2752", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T17:21:16.492944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-22T17:21:20.965Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-beta", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" } ], "source": { "advisory": "efdf5b24-6d30-4d57-a5b0-13b253ba3ea4", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2752", "datePublished": "2023-05-17T00:00:00", "dateReserved": "2023-05-17T00:00:00", "dateUpdated": "2025-01-22T17:21:20.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0307
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" } ], "source": { "advisory": "fac01e9f-e3e5-4985-94ad-59a76485f215", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0307", "datePublished": "2023-01-15T00:00:00", 
"dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0788
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCode Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:08:38.239Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, 
"references": [ { "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" } ], "source": { "advisory": "808d5452-607c-4af1-812f-26c49faf3e61", "discovery": "EXTERNAL" }, "title": " Code Injection in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0788", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4558
Vulnerability from cvelistv5
Published
2010-12-17 18:00
Modified
2024-09-17 02:11
Summary
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/45442 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2010/3254 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/42622 | third-party-advisory, x_refsource_SECUNIA | |
http://www.phpmyfaq.de/advisory_2010-12-15.php | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:17.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45442", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45442" }, { "name": "ADV-2010-3254", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "name": "42622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42622" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-12-17T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45442", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45442" }, { "name": "ADV-2010-3254", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "name": "42622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42622" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45442" }, { "name": "ADV-2010-3254", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "name": "42622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42622" }, { "name": "http://www.phpmyfaq.de/advisory_2010-12-15.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4558", "datePublished": "2010-12-17T18:00:00Z", "dateReserved": "2010-12-17T00:00:00Z", "dateUpdated": "2024-09-17T02:11:36.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4007
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-11 19:13
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.16 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-4007", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T18:40:36.329137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T19:13:31.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.16", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:43.190Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" } ], "source": { "advisory": "e891dcbc-2092-49d3-9518-23e37187a5ea", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-4007", "datePublished": "2023-07-31T00:00:43.190Z", "dateReserved": "2023-07-31T00:00:37.694Z", "dateUpdated": "2024-10-11T19:13:31.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6889
Vulnerability from cvelistv5
Published
2023-12-16 08:57
Modified
2024-08-02 08:42
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.17 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.17", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-08T09:52:27.861Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" } ], "source": { "advisory": "52897778-fad7-4169-bf04-a68a0646df0c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntr_ai", "cveId": "CVE-2023-6889", "datePublished": "2023-12-16T08:57:30.625Z", "dateReserved": "2023-12-16T08:57:12.016Z", "dateUpdated": "2024-08-02T08:42:08.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0789
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
thorsten | thorsten/phpmyfaq |
Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCommand Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:08:16.153Z", "orgId": 
"c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" } ], "source": { "advisory": "d9375178-2f23-4f5d-88bd-bba3d6ba7cc5", "discovery": "EXTERNAL" }, "title": "Command Injection in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0789", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28108
Vulnerability from cvelistv5
Published
2024-03-25 18:52
Modified
2024-08-02 00:48
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation of the `contentLink` parameter, unauthenticated users can inject HTML code into the page, which might affect other users. Exploitation also requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ. This vulnerability is fixed in 3.2.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh | x_refsource_CONFIRM | |
https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "3.2.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28108", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T18:41:12.256056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T18:50:13.531Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:48.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. 
_Also, requires that adding new FAQs is allowed for guests and that the admin doesn\u0027t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:52:19.325Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" } ], "source": { "advisory": "GHSA-48vw-jpf8-hwqh", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored HTML Injection at contentLink" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28108", "datePublished": "2024-03-25T18:52:19.325Z", "dateReserved": "2024-03-04T14:19:14.059Z", "dateUpdated": "2024-08-02T00:48:48.813Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2256
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Summary
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
References
▼ | URL | Tags |
---|---|---|
http://www.phpmyfaq.de/advisory_2004-05-18.php | x_refsource_CONFIRM | |
http://securitytracker.com/id?1010190 | vdb-entry, x_refsource_SECTRACK | |
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/archive/1/363636 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/11640 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16223 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/10377 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/363636" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11640" }, { "name": "phpmyfaq-lang-directory-traversal(16223)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "name": "10377", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10377" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "1010190", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/363636" }, { "name": "11640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11640" }, { "name": "phpmyfaq-lang-directory-traversal(16223)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "name": "10377", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10377" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/advisory_2004-05-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "name": "1010190", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010190" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/363636" }, { "name": "11640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11640" }, { "name": "phpmyfaq-lang-directory-traversal(16223)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "name": "10377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10377" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2256", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2024-08-08T01:22:13.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22202
Vulnerability from cvelistv5
Published
2024-02-05 19:39
Modified
2024-08-01 22:35
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, but an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account and the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.
References
URL | Tags |
---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35 | x_refsource_CONFIRM |
https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22202", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-06T15:44:13.037619Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:32.765Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ\u0027s user removal page allows an attacker to spoof another user\u0027s detail, and in turn make a compelling phishing case for removing another user\u0027s account. The front-end of this page doesn\u0027t allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. 
An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T19:39:38.262Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" } ], "source": { "advisory": "GHSA-6648-6g96-mg35", "discovery": "UNKNOWN" }, "title": "User Removal Page Allows Spoofing Of User Details" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22202", "datePublished": "2024-02-05T19:39:38.262Z", "dateReserved": "2024-01-08T04:59:27.372Z", "dateUpdated": "2024-08-01T22:35:34.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0786
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2023-12-18T10:08:57.673Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" } ], "source": { "advisory": "8c74ccab-0d1d-4c6b-a0fa-803aa65de04f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0786", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3469
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-11-12 15:05
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.2.0-beta.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "phpmyfaq", "versions": [ { "lessThan": "3.2.0-beta.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-3469", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T15:03:49.185250Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T15:05:06.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-beta.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-30T00:00:19.692Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" } ], "source": { "advisory": "3565cfc9-82c4-4db8-9b8f-494dd81b56ca", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-3469", "datePublished": "2023-06-30T00:00:19.692Z", "dateReserved": "2023-06-30T00:00:06.251Z", "dateUpdated": "2024-11-12T15:05:06.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3050
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
Summary
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
References
URL | Tags |
---|---|
http://rgod.altervista.org/phpmyfuck151.html | x_refsource_MISC |
http://marc.info/?l=bugtraq&m=112749230124091&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which 
reveals the path in an error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3050", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1754
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 19:01
Summary
Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1754", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T19:01:19.152276Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T19:01:25.386Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" } ], "source": { "advisory": "529f2361-eb2e-476f-b7ef-4e561a712e28", "discovery": "EXTERNAL" }, "title": "Improper Neutralization of Input During Web Page Generation in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1754", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T19:01:25.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3734
Vulnerability from cvelistv5
Published
2005-11-22 00:00
Modified
2024-08-07 23:24
Summary
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
References
URL | Tags |
---|---|
http://secunia.com/advisories/17649 | third-party-advisory, x_refsource_SECUNIA |
http://securityreason.com/securityalert/196 | third-party-advisory, x_refsource_SREASON |
http://www.phpmyfaq.de/advisory_2005-11-18.php | x_refsource_CONFIRM |
http://www.osvdb.org/20989 | vdb-entry, x_refsource_OSVDB |
http://www.securityfocus.com/bid/15504 | vdb-entry, x_refsource_BID |
http://www.trapkit.de/advisories/TKADV2005-11-004.txt | x_refsource_MISC |
http://www.vupen.com/english/advisories/2005/2505 | vdb-entry, x_refsource_VUPEN |
http://www.securityfocus.com/archive/1/417219/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17649", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17649" }, { "name": "196", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "name": "20989", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20989" }, { "name": "15504", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15504" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "name": "ADV-2005-2505", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17649", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17649" }, { "name": "196", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "name": "20989", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20989" }, { "name": "15504", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15504" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "name": "ADV-2005-2505", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17649", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17649" }, { "name": "196", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/196" }, { "name": "http://www.phpmyfaq.de/advisory_2005-11-18.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "name": "20989", "refsource": "OSVDB", "url": "http://www.osvdb.org/20989" }, { "name": "15504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15504" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "name": "ADV-2005-2505", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3734", "datePublished": "2005-11-22T00:00:00", "dateReserved": "2005-11-21T00:00:00", "dateUpdated": "2024-08-07T23:24:36.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0794
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2023-12-18T10:29:28.207Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" } ], "source": { "advisory": "949975f1-271d-46aa-85e5-1a013cdb5efb", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0794", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3754
Vulnerability from cvelistv5
Published
2022-10-29 00:00
Modified
2024-08-03 01:20
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-29T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" } ], "source": { "advisory": "f4711d7f-1368-48ab-9bef-45f32e356c47", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3754", "datePublished": "2022-10-29T00:00:00", "dateReserved": 
"2022-10-29T00:00:00", "dateUpdated": "2024-08-03T01:20:57.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15809
Vulnerability from cvelistv5
Published
2017-10-23 17:00
Modified
2024-09-17 04:15
Summary
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
References
| URL | Tags |
|---|---|
| https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:50.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-23T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15809", "datePublished": "2017-10-23T17:00:00Z", "dateReserved": "2017-10-23T00:00:00Z", "dateUpdated": "2024-09-17T04:15:09.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4780
Vulnerability from cvelistv5
Published
2010-04-21 14:00
Modified
2024-09-16 19:45
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/37180 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/37520 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:25.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37180", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37180" }, { "name": "37520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37520" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-21T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37180", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37180" }, { "name": "37520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37520" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37180", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37180" }, { "name": "37520", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37520" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4780", "datePublished": "2010-04-21T14:00:00Z", "dateReserved": "2010-04-21T00:00:00Z", "dateUpdated": "2024-09-16T19:45:51.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6049
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
References
| URL | Tags |
|---|---|
| http://techdefencelabs.com/security-advisories.html | x_refsource_MISC |
| https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6049", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1753
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 19:01
Severity
5.5 MEDIUM (CNA-assigned CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N)
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1753", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T19:01:53.891490Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T19:01:59.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eWeak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:12:10.222Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" } ], "source": { "advisory": "01d6ae23-3a8f-42a8-99f4-10246187d71b", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1753", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T19:01:59.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0793
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-08-02 05:24
Severity
7.1 HIGH (CNA-assigned CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eWeak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e" } ], "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:06:58.466Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": 
"@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" } ], "source": { "advisory": "b3881a1f-2f1e-45cb-86f3-735f66e660e9", "discovery": "EXTERNAL" }, "title": "Weak Password Requirements in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-0793", "datePublished": "2023-02-12T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1761
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2025-02-11 18:44
Severity
6.3 MEDIUM (CNA-assigned CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Summary
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1761", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T18:44:14.963774Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T18:44:23.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:11:22.668Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" } ], "source": { "advisory": "24c0a65f-0751-4ff8-af63-4b325ac8879f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1761", "datePublished": "2023-03-31T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-11T18:44:23.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6045
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
Summary
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
References
| URL | Tags |
|---|---|
| http://techdefencelabs.com/security-advisories.html | x_refsource_MISC |
| https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6045", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3048
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
Summary
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/19672 | vdb-entry, x_refsource_OSVDB |
| http://rgod.altervista.org/phpmyfuck151.html | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=112749230124091&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19672", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19672" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19672", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19672" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19672", "refsource": "OSVDB", "url": "http://www.osvdb.org/19672" }, { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3048", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1885
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 19:47
Severity
6.3 MEDIUM (CNA-assigned CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1885", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T19:47:30.471251Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T19:47:34.586Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josef Hassan (josefjku)" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ahmed Hassan (ahmedvienna)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\u003c/p\u003e" } ], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T10:20:28.599Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" } ], "source": { "advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1885", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-04-05T00:00:00.000Z", "dateUpdated": "2025-02-10T19:47:34.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15735
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-17 01:46
Summary
In phpMyFAQ before 2.9.9, the request for modifying a glossary is vulnerable to Cross-Site Request Forgery (CSRF).
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:50.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15735", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-17T01:46:14.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3047
Vulnerability from cvelistv5
Published
2005-09-23 04:00
Modified
2024-08-07 22:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
References
▼ | URL | Tags |
---|---|---|
http://rgod.altervista.org/phpmyfuck151.html | x_refsource_MISC | |
http://marc.info/?l=bugtraq&m=112749230124091&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities 
in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rgod.altervista.org/phpmyfuck151.html", "refsource": "MISC", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3047", "datePublished": "2005-09-23T04:00:00", "dateReserved": "2005-09-23T00:00:00", "dateUpdated": "2024-08-07T22:53:30.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27300
Vulnerability from cvelistv5
Published
2024-03-25 18:30
Modified
2024-08-02 00:28
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS because it relies on PHP's `FILTER_VALIDATE_EMAIL` filter, which only validates the email format, not its content; a value that passes this check still needs output encoding when it is rendered. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx | x_refsource_CONFIRM | |
https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459 | x_refsource_MISC | |
https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27300", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T19:29:59.933358Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:40:57.698Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:28:00.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. 
The `email` field in phpMyFAQ\u0027s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP\u0027s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user\u0027s phpMyFAQ session. This vulnerability is fixed in 3.2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T18:32:00.543Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" } ], "source": { "advisory": "GHSA-q7g6-xfh2-vhpx", "discovery": "UNKNOWN" }, "title": "phpMyFAQ Stored XSS at user email" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27300", "datePublished": "2024-03-25T18:30:35.810Z", "dateReserved": "2024-02-22T18:08:38.875Z", "dateUpdated": "2024-08-02T00:28:00.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2999
Vulnerability from cvelistv5
Published
2023-05-31 00:00
Modified
2025-01-10 16:26
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.14 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2999", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T16:25:48.996360Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-10T16:26:06.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-31T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" } ], "source": { "advisory": "4d89c7cc-fb4c-4b64-9b67-f0189f70a620", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-2999", "datePublished": "2023-05-31T00:00:00", "dateReserved": "2023-05-31T00:00:00", "dateUpdated": "2025-01-10T16:26:06.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5320
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:16
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:thorsten:phpmyfaq:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5320", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:16:32.305933Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:16:39.696Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:42.559Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" } ], "source": { "advisory": "3a2bc18b-5932-4fb5-a01e-24b2b0443b67", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5320", "datePublished": "2023-09-30T00:00:42.559Z", "dateReserved": "2023-09-30T00:00:37.900Z", "dateUpdated": "2024-09-23T16:16:39.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15729
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-09-16 21:57
Summary
In phpMyFAQ before 2.9.9, the request for adding a glossary is vulnerable to Cross-Site Request Forgery (CSRF).
References
▼ | URL | Tags |
---|---|---|
https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3", "refsource": "CONFIRM", "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15729", "datePublished": "2017-10-21T22:00:00Z", "dateReserved": "2017-10-21T00:00:00Z", "dateUpdated": "2024-09-16T21:57:13.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5316
Vulnerability from cvelistv5
Published
2023-09-30 00:00
Modified
2024-09-23 16:06
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | Version: unspecified < 3.1.18 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5316", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T16:05:40.994713Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T16:06:16.877Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.18", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-30T00:00:17.191Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" } ], "source": { "advisory": "f877e65a-e647-457b-b105-7e5c9f58fb43", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5316", "datePublished": "2023-09-30T00:00:17.191Z", "dateReserved": "2023-09-30T00:00:06.478Z", "dateUpdated": "2024-09-23T16:06:16.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4821
Vulnerability from cvelistv5
Published
2012-10-22 23:00
Modified
2024-08-07 04:02
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
References
▼ | URL | Tags |
---|---|---|
http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/62092 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/41625 | third-party-advisory, x_refsource_SECUNIA | |
http://www.phpmyfaq.de/advisory_2010-09-28.php | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/03/08/2 | mailing-list, x_refsource_MLIST | |
http://seclists.org/bugtraq/2010/Sep/207 | mailing-list, x_refsource_BUGTRAQ | |
http://www.openwall.com/lists/oss-security/2012/03/08/7 | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/68268 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:02:30.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "name": "phpmyfaq-unspecified-xss(62092)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "name": "41625", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41625" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "name": "20110928 Fwd: 2.6.6 \u003c= phpMyFAQ \u003c= 2.6.8 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "name": "68268", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/68268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "name": "phpmyfaq-unspecified-xss(62092)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "name": "41625", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41625" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "name": "20110928 Fwd: 2.6.6 \u003c= phpMyFAQ \u003c= 2.6.8 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "name": "68268", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/68268" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or 
HTML via the PATH_INFO to index.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt", "refsource": "MISC", "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "name": "phpmyfaq-unspecified-xss(62092)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "name": "41625", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41625" }, { "name": "http://www.phpmyfaq.de/advisory_2010-09-28.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "name": "20110928 Fwd: 2.6.6 \u003c= phpMyFAQ \u003c= 2.6.8 XSS", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "name": "68268", "refsource": "OSVDB", "url": "http://www.osvdb.org/68268" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4821", "datePublished": "2012-10-22T23:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-07T04:02:30.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6046
Vulnerability from cvelistv5
Published
2018-08-28 17:00
Modified
2024-08-06 12:03
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
References
▼ | URL | Tags |
---|---|---|
http://techdefencelabs.com/security-advisories.html | x_refsource_MISC | |
https://www.phpmyfaq.de/security/advisory-2014-09-16 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T16:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://techdefencelabs.com/security-advisories.html", "refsource": "MISC", "url": "http://techdefencelabs.com/security-advisories.html" }, { "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6046", "datePublished": "2018-08-28T17:00:00", "dateReserved": "2014-09-01T00:00:00", "dateUpdated": "2024-08-06T12:03:02.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22208
Vulnerability from cvelistv5
Published
2024-02-05 20:44
Modified
2024-08-01 22:35
Summary
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.
References
URL | Tags |
---|---|
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg | x_refsource_CONFIRM |
https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:35.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpMyFAQ", "vendor": "thorsten", "versions": [ { "status": "affected", "version": "\u003c 3.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The \u0027sharing FAQ\u0027 functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application\u0027s email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T20:44:23.236Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "name": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" } ], "source": { "advisory": "GHSA-9hhf-xmcw-r3xg", "discovery": "UNKNOWN" }, "title": "phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22208", "datePublished": "2024-02-05T20:44:23.236Z", "dateReserved": "2024-01-08T04:59:27.373Z", "dateUpdated": "2024-08-01T22:35:35.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1757
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-10 20:43
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1757", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:43:09.115673Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-10T20:43:15.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00.000Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" } ], "source": { "advisory": "584a200a-6ff8-4d53-a3c0-e7893edff60c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-1757", "datePublished": "2023-04-05T00:00:00.000Z", "dateReserved": "2023-03-31T00:00:00.000Z", "dateUpdated": "2025-02-10T20:43:15.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3608
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 01:14
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.2.0-alpha |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.0-alpha", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-19T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" } ], "source": { "advisory": "8f0f3635-9d81-4c55-9826-2ba955c3a850", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": 
"@huntrdev", "cveId": "CVE-2022-3608", "datePublished": "2022-10-19T00:00:00", "dateReserved": "2022-10-19T00:00:00", "dateUpdated": "2024-08-03T01:14:02.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0306
Vulnerability from cvelistv5
Published
2023-01-15 00:00
Modified
2024-08-02 05:10
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.1.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.1.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-15T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" } ], "source": { "advisory": "cbba22f0-89ed-4d01-81ea-744979c8cbde", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", 
"cveId": "CVE-2023-0306", "datePublished": "2023-01-15T00:00:00", "dateReserved": "2023-01-15T00:00:00", "dateUpdated": "2024-08-02T05:10:55.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5863
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-05 17:50
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
Impacted products
Vendor | Product | Version |
---|---|---|
thorsten | thorsten/phpmyfaq | unspecified < 3.2.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:24.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5863", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T17:50:00.906566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T17:50:14.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "thorsten/phpmyfaq", "vendor": "thorsten", "versions": [ { "lessThan": "3.2.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T00:00:19.197Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" } ], "source": { "advisory": "fbfd4e84-61fb-4063-8f11-15877b8c1f6f", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-5863", "datePublished": "2023-10-31T00:00:19.197Z", "dateReserved": "2023-10-31T00:00:06.770Z", "dateUpdated": "2024-09-05T17:50:14.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4825
Vulnerability from cvelistv5
Published
2011-12-15 02:00
Modified
2024-09-17 00:46
Summary
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
References
URL | Tags |
---|---|
http://www.zenphoto.org/trac/ticket/2005 | x_refsource_CONFIRM |
http://www.phpmyfaq.de/advisory_2011-10-25.php | x_refsource_CONFIRM |
http://www.phpletter.com/en/DOWNLOAD/1/ | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/50523 | vdb-entry, x_refsource_BID |
http://www.exploit-db.com/exploits/18075 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "name": "50523", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50523" }, { "name": "18075", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-12-15T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "name": "50523", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50523" }, { "name": "18075", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zenphoto.org/trac/ticket/2005", "refsource": "CONFIRM", "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "name": "http://www.phpmyfaq.de/advisory_2011-10-25.php", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "name": "http://www.phpletter.com/en/DOWNLOAD/1/", "refsource": "CONFIRM", "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "name": "50523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50523" }, { "name": "18075", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18075" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4825", "datePublished": "2011-12-15T02:00:00Z", "dateReserved": "2011-12-14T00:00:00Z", "dateUpdated": "2024-09-17T00:46:26.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14618
Vulnerability from cvelistv5
Published
2017-09-20 21:00
Modified
2024-08-05 19:34
Summary
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
References
URL | Tags |
---|---|
https://www.exploit-db.com/exploits/42761/ | exploit, x_refsource_EXPLOIT-DB |
https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html | x_refsource_MISC |
http://www.phpmyfaq.de/security/advisory-2017-10-19 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:39.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "42761", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42761/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-20T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "42761", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42761/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14618", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "42761", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42761/" }, { "name": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "name": "http://www.phpmyfaq.de/security/advisory-2017-10-19", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14618", "datePublished": "2017-09-20T21:00:00", "dateReserved": "2017-09-20T00:00:00", "dateUpdated": "2024-08-05T19:34:39.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16651
Vulnerability from cvelistv5
Published
2018-09-07 05:00
Modified
2024-08-05 10:32
Summary
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
References
URL | Tags |
---|---|
https://www.phpmyfaq.de/security/advisory-2018-09-02 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:53.774Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-07T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.phpmyfaq.de/security/advisory-2018-09-02", "refsource": "CONFIRM", "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16651", "datePublished": "2018-09-07T05:00:00", "dateReserved": "2018-09-06T00:00:00", "dateUpdated": "2024-08-05T10:32:53.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11187
Vulnerability from cvelistv5
Published
2017-07-12 14:00
Modified
2024-09-17 03:39
Summary
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
References
URL | Tags |
---|---|
http://www.phpmyfaq.de/security/advisory-2017-07-12 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:57:58.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-12T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpmyfaq.de/security/advisory-2017-07-12", "refsource": "CONFIRM", "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11187", "datePublished": "2017-07-12T14:00:00Z", "dateReserved": "2017-07-12T00:00:00Z", "dateUpdated": "2024-09-17T03:39:05.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-04-05 16:15
Modified
2024-11-21 07:39
Summary
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1758", "lastModified": "2024-11-21T07:39:50.483", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T16:15:07.367", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-75" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-07 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/14516 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.phpmyfaq.de/advisory_2005-03-06.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14516 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/advisory_2005-03-06.php | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B69808-C3F4-401E-996D-88091203698E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "39CA9672-6651-4654-89AB-AF45A3EB2492", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "E47EB76A-2314-4978-A146-C6C73CF018C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages." 
} ], "id": "CVE-2005-0702", "lastModified": "2024-11-20T23:55:43.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-07T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14516" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-03-06.php" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-07 05:29
Modified
2024-11-21 03:53
Severity ?
Summary
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA187D80-7802-4512-809B-E2111C631231", "versionEndExcluding": "2.9.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." }, { "lang": "es", "value": "El backend de administrador en phpMyFAQ en versiones anteriores a la 2.9.11 permite la inyecci\u00f3n CSV en los informes." } ], "id": "CVE-2018-16651", "lastModified": "2024-11-21T03:53:08.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-07T05:29:00.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1879", "lastModified": "2024-11-21T07:40:04.413", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.083", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:01
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in `insertentry` and `saveentry` when modifying records, due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and, in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` \u0026 `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Se ha descubierto una vulnerabilidad de inyecci\u00f3n SQL en `insertentry` y `saveentry` al modificar registros debido a un escape inadecuado de la direcci\u00f3n de correo electr\u00f3nico. Esto permite que cualquier usuario autenticado con derechos para agregar/editar noticias de preguntas frecuentes aproveche esta vulnerabilidad para filtrar datos, hacerse cargo de cuentas y, en algunos casos, incluso lograr RCE. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-28107", "lastModified": "2025-01-09T17:01:02.587", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.477", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security-advisories@github.com", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al a\u00f1adir un glosario." } ], "id": "CVE-2017-15729", "lastModified": "2024-11-21T03:15:06.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-31 11:15
Modified
2024-11-21 07:20
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Cross-Site Scripting (XSS)- Almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n\n" } ], "id": "CVE-2022-3765", "lastModified": "2024-11-21T07:20:12.173", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-31T11:15:10.133", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.main.php." } ], "id": "CVE-2017-15734", "lastModified": "2024-11-21T03:15:07.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.557", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-17 19:00
Modified
2024-11-21 01:21
Severity ?
Summary
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code." }, { "lang": "es", "value": "phpMyFAQ v2.6.11 y v2.6.12, como los distribuidos entre el 4 y el 15 de diciembre de 2010, contiene una modificaci\u00f3n introducida externamente (Troyano) en el m\u00e9todo getTopTen en inc/faq.php, que permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n." 
} ], "id": "CVE-2010-4558", "lastModified": "2024-11-21T01:21:12.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-17T19:00:26.557", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42622" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/45442" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-12-15.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/45442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3254" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2024-11-21 00:01
Severity ?
Summary
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message." } ], "id": "CVE-2005-3050", "lastModified": "2024-11-21T00:01:00.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Requisitos de contrase\u00f1a d\u00e9biles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.10." } ], "id": "CVE-2023-0307", "lastModified": "2024-11-21T07:36:56.470", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.493", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2." }, { "lang": "es", "value": "Cross-site Scripting (XSS): reflejado en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2." } ], "id": "CVE-2023-5863", "lastModified": "2024-11-21T08:42:39.503", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.757", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-05 20:15
Modified
2024-11-21 08:55
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, but that restriction applies only in the browser: an attacker can use a proxy to intercept the request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling whether the request came from the actual user wishing to delete their account or from an attacker issuing it for an account they do not control. This issue has been patched in version 3.2.5.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ\u0027s user removal page allows an attacker to spoof another user\u0027s detail, and in turn make a compelling phishing case for removing another user\u0027s account. The front-end of this page doesn\u0027t allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La p\u00e1gina de eliminaci\u00f3n de usuarios de phpMyFAQ permite a un atacante falsificar los detalles de otro usuario y, a su vez, presentar un caso de phishing convincente para eliminar la cuenta de otro usuario. La interfaz de esta p\u00e1gina no permite cambiar los detalles del formulario; un atacante puede utilizar un proxy para interceptar esta solicitud y enviar otros datos. Al enviar este formulario, se env\u00eda un correo electr\u00f3nico al administrador inform\u00e1ndole que este usuario desea eliminar su cuenta. Un administrador no tiene forma de distinguir entre el usuario real que desea eliminar su cuenta o el atacante que lo hace para una cuenta que no controla. 
Este problema se solucion\u00f3 en la versi\u00f3n 3.2.5." } ], "id": "CVE-2024-22202", "lastModified": "2024-11-21T08:55:47.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-05T20:15:55.390", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-284" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1885", "lastModified": "2024-11-21T07:40:05.097", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.370", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "cross site scripting (XSS): reflejadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0314", "lastModified": "2024-11-21T07:36:57.300", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:11.043", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-05 20:15
Modified
2024-11-21 07:58
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2550", "lastModified": "2024-11-21T07:58:48.727", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-05T20:15:10.557", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS): DOM en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.18." } ], "id": "CVE-2023-5316", "lastModified": "2024-11-21T08:41:30.877", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.150", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:30
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. When the compromised news page is then viewed, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Al manipular el par\u00e1metro de noticias en una solicitud POST, un atacante puede inyectar c\u00f3digo JavaScript malicioso. Al navegar a la p\u00e1gina de noticias comprometida, se activa la carga \u00fatil XSS. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-28106", "lastModified": "2025-01-09T17:30:11.107", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.263", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-30 01:15
Modified
2025-01-30 17:15
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2428", "lastModified": "2025-01-30T17:15:15.810", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-30T01:15:09.493", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d | Patch, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/43064/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43064/ | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.ratings.php." } ], "id": "CVE-2017-15730", "lastModified": "2024-11-21T03:15:07.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party 
Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43064/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43064/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-22 23:55
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6861E0-F1B8-41A6-AECD-D039A346F4C5", "versionEndIncluding": "2.6.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E89609EA-C5DA-45CA-A002-0D4AFCA45648", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "328283AF-1875-4D9B-93CC-059198D80316", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "01569544-72C2-4C82-B173-77C235BEE02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB7B4362-27D5-494C-8AD1-48ECD16CF1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." 
}, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en phpMyFAQ antes de v2.6.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del PATH_INFO a index.php.\r\n" } ], "id": "CVE-2010-4821", "lastModified": "2024-11-21T01:21:51.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-10-22T23:55:04.273", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41625" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/68268" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/bugtraq/2010/Sep/207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/68268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2010-09-28.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-11 15:15
Modified
2024-11-21 07:35
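Severity ?
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (security@huntr.dev, Secondary)
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (nvd@nist.gov, Primary)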
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/8b47f38 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/8b47f38 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAB360A-D5DD-4DCA-A0C4-B171302FB531", "versionEndExcluding": "3.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9." }, { "lang": "es", "value": "Cookie confidencial en sesi\u00f3n HTTPS sin atributo \u0027seguro\u0027 en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.9." } ], "id": "CVE-2022-4409", "lastModified": "2024-11-21T07:35:12.927", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-11T15:15:10.803", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-614" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1761", "lastModified": "2024-11-21T07:39:50.793", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.703", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/128ef85f8e3ab7869d3107aa4d0b6867b53391d7" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0793", "lastModified": "2024-11-21T07:37:50.823", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.803", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2024-11-21 00:01
Severity ?
6.4 (Medium) - CVSS 2.0 AV:N/AC:L/Au:N/C:P/I:P/A:N (nvd@nist.gov, Primary)
Summary
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." } ], "id": "CVE-2005-3048", "lastModified": "2024-11-21T00:01:00.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19672" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 01:15
Modified
2024-11-21 07:39
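Severity ?
8.4 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)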
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1755", "lastModified": "2024-11-21T07:39:50.150", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T01:15:09.330", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
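Severity ?
8.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)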
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1878", "lastModified": "2024-11-21T07:40:04.307", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.037", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-26 03:15
Modified
2025-01-09 16:58
Severity ?
3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Existe una vulnerabilidad de Path Traversal en los archivos adjuntos que permite a los atacantes con derechos de administrador cargar archivos maliciosos en otras ubicaciones de la ra\u00edz web. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-29196", "lastModified": "2025-01-09T16:58:38.057", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-26T03:15:13.517", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security-advisories@github.com", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-01-16 20:15
Severity ?
Summary
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request." } ], "id": "CVE-2004-2257", "lastModified": "2025-01-16T20:15:27.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12085" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1010795" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": 
"http://www.osvdb.org/8240" }, { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/10813" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1010795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://www.osvdb.org/8240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/10813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-425" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-425" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0312", "lastModified": "2024-11-21T07:36:57.053", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.893", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" }, { "source": "security@huntr.dev", "tags": [ "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-23 17:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is cross-site scripting (XSS) in admin/tags.main.php via a crafted tag.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag." }, { "lang": "es", "value": "En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Scripting (XSS) en admin/tags.main.php mediante una etiqueta manipulada." } ], "id": "CVE-2017-15809", "lastModified": "2024-11-21T03:15:16.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-23T17:29:00.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0309", "lastModified": "2024-11-21T07:36:56.703", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.657", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-17 03:15
Modified
2024-11-21 07:38
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (source: security@huntr.dev, Secondary)
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (source: nvd@nist.gov, Primary; this score is listed twice on the page)
Summary
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" }, { "lang": "es", "value": "Mala interpretaci\u00f3n de la entrada en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.11." } ], "id": "CVE-2023-0880", "lastModified": "2024-11-21T07:38:01.653", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-17T03:15:09.950", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-115" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos lean archivos adjuntos arbitrarios mediante una petici\u00f3n directa." } ], "id": "CVE-2014-6048", "lastModified": "2024-11-21T02:13:41.307", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.140", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:23
Severity ?
Summary
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C6746C-BF52-486F-86DF-C6FFDF8DC80E", "versionEndIncluding": "1.6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en el phpMyFAQ 1.6.7 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores sin especificar." } ], "id": "CVE-2006-6912", "lastModified": "2024-11-21T00:23:56.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21944" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32802" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/ajax.attachment.php y admin/att.main.php." } ], "id": "CVE-2017-15733", "lastModified": "2024-11-21T03:15:07.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1884", "lastModified": "2024-11-21T07:40:04.987", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.323", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" }, { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H (source: security@huntr.dev, Secondary)
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary; this score is listed twice on the page)
Summary
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0790", "lastModified": "2024-11-21T07:37:50.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.547", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-248" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0310", "lastModified": "2024-11-21T07:36:56.820", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.730", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-30 03:15
Modified
2025-01-30 17:15
Severity ?
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2429", "lastModified": "2025-01-30T17:15:15.950", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-30T03:15:08.750", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@huntr.dev", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos omitan el mecanismo de protecci\u00f3n CAPTCHA reproduciendo la petici\u00f3n." } ], "id": "CVE-2014-6050", "lastModified": "2024-11-21T02:13:41.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 01:15
Modified
2024-11-21 08:34
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9F1132-3D27-4D51-AF94-75A8C3DDE21F", "versionEndExcluding": "3.1.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16." } ], "id": "CVE-2023-4007", "lastModified": "2024-11-21T08:34:12.960", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T01:15:10.017", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:27
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and, in some cases, even achieve RCE. The vulnerable input is the `authorEmail` field, which is checked with PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient to protect against SQL injection attacks, so the value should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP\u0027s `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Se ha descubierto una vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad \"Agregar noticias\" debido a un escape incorrecto de la direcci\u00f3n de correo electr\u00f3nico. Esto permite que cualquier usuario autenticado con derechos para agregar/editar noticias de preguntas frecuentes aproveche esta vulnerabilidad para filtrar datos, hacerse cargo de cuentas y, en algunos casos, incluso lograr RCE. El campo vulnerable se encuentra en el campo `authorEmail` que utiliza el filtro `FILTER_VALIDATE_EMAIL` de PHP. Este filtro es insuficiente para proteger contra ataques de inyecci\u00f3n SQL y aun as\u00ed se debe escapar correctamente. 
Sin embargo, en esta versi\u00f3n de phpMyFAQ (3.2.5), este campo no tiene el formato de escape adecuado y puede usarse junto con otros campos para explotar completamente la vulnerabilidad de inyecci\u00f3n SQL. Esta vulnerabilidad se soluciona en 3.2.6." } ], "id": "CVE-2024-27299", "lastModified": "2025-01-09T17:27:11.167", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:57.563", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit" ], "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B69808-C3F4-401E-996D-88091203698E", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable." } ], "id": "CVE-2004-2256", "lastModified": "2024-11-20T23:52:53.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1010190" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/363636" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10377" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1010190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/363636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16223" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-23 17:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is a cross-site request forgery (CSRF) vulnerability in admin/ajax.config.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php." }, { "lang": "es", "value": "En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Request Forgery (CSRF) en admin/ajax.config.php." } ], "id": "CVE-2017-15808", "lastModified": "2024-11-21T03:15:16.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-23T17:29:00.487", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue 
Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2024-11-21 01:31
Severity ?
Summary
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files." }, { "lang": "es", "value": "phpMyFAQ v2.6.13 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como lo demuestra el producto lang/language_uk.php y algunos otros archivos." } ], "id": "CVE-2011-3783", "lastModified": "2024-11-21T01:31:15.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-24T00:55:02.550", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpmyfaq-2.6.13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-20 21:29
Modified
2024-11-21 03:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the \"Title of your FAQ\" field in the Configuration Module." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en phpMyFAQ hasta la versi\u00f3n 2.9.8 permite que atacantes remotos inyecten scripts web o HTML mediante el campo \"Title of your FAQ\" en el m\u00f3dulo de configuraci\u00f3n." } ], "id": "CVE-2017-14619", "lastModified": "2024-11-21T03:13:12.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-20T21:29:00.350", "references": [ { "source": 
"cve@mitre.org", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "source": "cve@mitre.org", "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/42987/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42987/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-16 09:15
Modified
2024-11-21 08:44
Severity: 5.4 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 5.4 MEDIUM (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "85E03A12-18B2-4BD1-AC03-9440332134B9", "versionEndExcluding": "3.1.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.17." } ], "id": "CVE-2023-6890", "lastModified": "2024-11-21T08:44:46.293", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-16T09:15:07.470", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-14 16:55
Modified
2024-11-21 02:02
Severity: 4.3 MEDIUM (CVSS 2.0, nvd@nist.gov, Primary)
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3B2AC55-8F04-44F9-922D-687FAEFC03DF", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E89609EA-C5DA-45CA-A002-0D4AFCA45648", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "328283AF-1875-4D9B-93CC-059198D80316", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "01569544-72C2-4C82-B173-77C235BEE02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB7B4362-27D5-494C-8AD1-48ECD16CF1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DC00325-D9B4-4219-A63F-04EEB7DA6F6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "714DA52A-6AE0-41A7-9250-08BE3B336C71", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "17526059-D468-4AE3-A24E-8B4FDD26915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "21162859-A1AB-4477-BA1B-4A2C2DB4705D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "06AC9151-E197-479F-B1BA-CAEEFC488EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "21ABBD7C-7FC6-48A1-88CE-282156EB5B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "092575EA-2318-4FDD-9EE0-D5AFC5A14854", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "F971EC18-895D-469E-9D69-94D13017B62C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9650943E-4BB2-4A0D-B3D5-07B99566A705", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3055F07-0E27-464D-AE66-E6E1817A49E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C85D157-3F89-4E09-B45A-5624D5E9ECC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "19AD9DE9-2A90-46FA-BDCB-A467C60AC25F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B60C31AA-F51C-4704-AC0B-54C2827654F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E14E876D-345D-4459-BF53-4B97DCFDBA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "651AED63-79B2-48DF-A9DF-70173E87BCA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "216752FD-4126-4F9A-A7B2-23FCFB47508E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "4D839BD2-DEFB-44E4-84F1-531C750090E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "9908E785-6C57-45C1-B8DE-AF8B1BE875E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6019B-EAF7-4E6B-A97B-F27FCF10FBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "30F37277-2D8A-4B92-956F-78B39F876225", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B304F221-C6E1-4995-A6B5-C4CB4F41D69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0582DAA4-9F0C-4FF6-894E-F98D3E07D771", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F3E7701-8373-4625-A401-3B655C9DCC3E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2014-0814", "lastModified": "2024-11-21T02:02:50.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-14T16:55:13.857", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/102940" }, { "source": "vultures@jpcert.or.jp", "url": "http://secunia.com/advisories/56006" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/65368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN30050348/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65368" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 01:15
Modified
2024-11-21 07:39
Severity: 4.7 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 4.7 MEDIUM (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Improper Neutralization of Input During Web Page Generation (cross-site scripting, CWE-79) in the GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1754", "lastModified": "2024-11-21T07:39:50.043", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T01:15:09.247", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 16:15
Modified
2024-11-21 07:39
Severity: 5.4 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 8.1 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1757", "lastModified": "2024-11-21T07:39:50.357", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T16:15:07.317", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS)- almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.18." } ], "id": "CVE-2023-5319", "lastModified": "2024-11-21T08:41:31.243", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.363", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:23
Summary
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C6746C-BF52-486F-86DF-C6FFDF8DC80E", "versionEndIncluding": "1.6.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en phpMyFAQ 1.6.7 y anteriores permite a atacantes remotos enviar secuencias de comandos PHP de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2006-6913", "lastModified": "2024-11-21T00:23:56.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21945" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2006-12-15.php" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0077" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Summary
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la funci\u00f3n restore." } ], "id": "CVE-2014-6045", "lastModified": "2024-11-21T02:13:40.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:00.750", "references": [ { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2024-11-21 00:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php." } ], "id": "CVE-2005-3047", "lastModified": "2024-11-21T00:01:00.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Summary
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Autenticaci\u00f3n incorrecta en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.10." } ], "id": "CVE-2023-0311", "lastModified": "2024-11-21T07:36:56.937", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.810", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-17 08:15
Modified
2024-11-21 07:59
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "972DB9E1-96EB-4DEC-8A58-14DDF7B8A7E2", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "71D0A0BD-EC7D-47C7-8C0F-716EE0843E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." } ], "id": "CVE-2023-2752", "lastModified": "2024-11-21T07:59:13.467", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-17T08:15:08.757", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" }, { "source": "security@huntr.dev", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 01:15
Modified
2024-11-21 08:34
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9F1132-3D27-4D51-AF94-75A8C3DDE21F", "versionEndExcluding": "3.1.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16." } ], "id": "CVE-2023-4006", "lastModified": "2024-11-21T08:34:12.833", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T01:15:09.937", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1882", "lastModified": "2024-11-21T07:40:04.743", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.227", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-22 00:03
Modified
2024-11-21 00:02
Summary
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpmyfaq | phpmyfaq | 1.5 | |
phpmyfaq | phpmyfaq | 1.5.1 | |
phpmyfaq | phpmyfaq | 1.5.3 | |
phpmyfaq | phpmyfaq | 1.5_alpha1 | |
phpmyfaq | phpmyfaq | 1.5_alpha2 | |
phpmyfaq | phpmyfaq | 1.5_beta1 | |
phpmyfaq | phpmyfaq | 1.5_beta2 | |
phpmyfaq | phpmyfaq | 1.5_beta3 | |
phpmyfaq | phpmyfaq | 1.5_rc1 | |
phpmyfaq | phpmyfaq | 1.5_rc2 | |
phpmyfaq | phpmyfaq | 1.5_rc3 | |
phpmyfaq | phpmyfaq | 1.5_rc4 | |
phpmyfaq | phpmyfaq | 1.5_rc5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "34D1FA39-9778-488F-9582-E37060F3F92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "A62052CA-95C7-43C9-B65B-C2E01EB0EBD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89938096-681A-4D77-8BA2-3F4D0A2424E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "8215A5E3-4780-4E45-8B52-F8D00A71D7D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "6B7087AF-0DBF-4287-9B58-EA0C3F9F9134", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "91D419C7-F683-41F5-B8A0-2354F9DDBE26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "1B58BDAA-4C56-44F8-99E7-FF55283884A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "E5350F01-DCAE-46D3-82B1-E5A297AA43BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "7A2D8CF4-87AF-47C0-AB37-88F50324AC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "E3F0D935-5A88-457B-959E-4BBC655D3F7C", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina \"add content\" de phpMyFAQ 1.5.3 y anteriores permite a atacantes remotos inyectar \u0027script\u0027 web arbitrario mediante los par\u00e1metros (1) thema, (2) username, y (3) usermail." } ], "id": "CVE-2005-3734", "lastModified": "2024-11-21T00:02:33.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-22T00:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17649" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/196" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20989" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15504" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2505" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS)- DOM en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.18." } ], "id": "CVE-2023-5320", "lastModified": "2024-11-21T08:41:31.373", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.430", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" }, { "source": "security@huntr.dev", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Summary
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con privilegios de administrador omitan la autorizaci\u00f3n mediante un par\u00e1metro ID de instancia manipulado." } ], "id": "CVE-2014-6049", "lastModified": "2024-11-21T02:13:41.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0788", "lastModified": "2024-11-21T07:37:50.237", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.380", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:00
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn\u0027t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Debido a una validaci\u00f3n insuficiente del par\u00e1metro \"contentLink\", es posible que usuarios no autenticados inyecten c\u00f3digo HTML en la p\u00e1gina, lo que podr\u00eda afectar a otros usuarios. _Adem\u00e1s, requiere que se permita agregar nuevas preguntas frecuentes a los invitados y que el administrador no verifique el contenido de las preguntas frecuentes reci\u00e9n agregadas._ Esta vulnerabilidad se corrigi\u00f3 en 3.2.6." 
} ], "id": "CVE-2024-28108", "lastModified": "2025-01-09T17:00:12.770", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.700", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-80" } ], 
"source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
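Severity
6.8 (Medium) - AV:N/AC:M/Au:N/C:P/I:P/A:P (CVSS 2.0; nvd@nist.gov, Primary)
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)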
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al modificar un glosario." } ], "id": "CVE-2017-15735", "lastModified": "2024-11-21T03:15:07.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.590", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
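Severity
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (security@huntr.dev, Secondary)
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)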
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1760", "lastModified": "2024-11-21T07:39:50.687", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.643", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
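Severity
3.5 (Low) - AV:N/AC:M/Au:S/C:N/I:P/A:N (CVSS 2.0; nvd@nist.gov, Primary)
4.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)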
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante metaDescription o metaKeywords." } ], "id": "CVE-2017-15728", "lastModified": "2024-11-21T03:15:06.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.340", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
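Severity
4.6 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)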
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2." } ], "id": "CVE-2023-5867", "lastModified": "2024-11-21T08:42:40.040", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:08.020", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
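Severity
4.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L (security@huntr.dev, Secondary)
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)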
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1759", "lastModified": "2024-11-21T07:39:50.590", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.570", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-17 08:15
Modified
2024-11-21 07:59
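Severity
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)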
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "972DB9E1-96EB-4DEC-8A58-14DDF7B8A7E2", "versionEndExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "71D0A0BD-EC7D-47C7-8C0F-716EE0843E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta." } ], "id": "CVE-2023-2753", "lastModified": "2024-11-21T07:59:13.583", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-17T08:15:08.837", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" }, { "source": "security@huntr.dev", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0794", "lastModified": "2024-11-21T07:37:50.933", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.890", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-29 13:15
Modified
2024-11-21 07:20
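Severity
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)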
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Requisitos de Contrase\u00f1as D\u00e9biles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n" } ], "id": "CVE-2022-3754", "lastModified": "2024-11-21T07:20:10.990", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-29T13:15:09.477", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1887", "lastModified": "2024-11-21T07:40:05.310", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.473", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-840" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:14
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La funci\u00f3n de carga de im\u00e1genes de categor\u00eda en phpmyfaq es vulnerable a la manipulaci\u00f3n de los par\u00e1metros `Content-type` y `lang`, lo que permite a los atacantes cargar archivos maliciosos con una extensi\u00f3n .php, lo que potencialmente conduce a la ejecuci\u00f3n remota de c\u00f3digo (RCE) en el sistema. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-28105", "lastModified": "2025-01-09T17:14:59.820", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:58.020", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security-advisories@github.com", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Carga sin Restricciones de Archivos con Tipo Peligroso en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8." } ], "id": "CVE-2023-5227", "lastModified": "2024-11-21T08:41:19.890", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.070", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5 | Patch, Third Party Advisory
security@huntr.dev | https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde | Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde | Permissions Required, Third Party Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0306", "lastModified": "2024-11-21T07:36:56.360", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.400", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-30 01:15
Modified
2024-11-21 08:17
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A23CE37-3356-4EBD-AB7D-060CF611CF6C", "versionEndIncluding": "3.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "71D0A0BD-EC7D-47C7-8C0F-716EE0843E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "AA3CB4E9-252B-4326-BE77-679284864A4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2." } ], "id": "CVE-2023-3469", "lastModified": "2024-11-21T08:17:20.070", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-30T01:15:08.880", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" 
}, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0792", "lastModified": "2024-11-21T07:37:50.710", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.720", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-31 01:15
Modified
2024-11-21 07:59
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "B486032C-0BF4-4D1C-ABDB-56607585ADC3", "versionEndExcluding": "3.1.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." } ], "id": "CVE-2023-2999", "lastModified": "2024-11-21T07:59:43.583", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-31T01:15:43.163", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-30 01:15
Modified
2024-11-21 08:41
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68", "versionEndExcluding": "3.1.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18." }, { "lang": "es", "value": "Cross-site Scripting (XSS)- almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.18." } ], "id": "CVE-2023-5317", "lastModified": "2024-11-21T08:41:30.997", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-30T01:15:39.227", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." } ], "id": "CVE-2004-2255", "lastModified": "2024-11-20T23:52:53.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010190" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/6300" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10374" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1010190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/6300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a feature that lets anyone share a FAQ item with others. The front-end of this feature allows any phpMyFAQ article to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place; however, the backend does not limit the number of recipients in a single request to 5. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can use the target application's email server to send phishing messages. This can get the server placed on a blacklist, causing all of its emails to end up in spam. It can also lead to reputational damage. This issue has been patched in version 3.2.5.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The \u0027sharing FAQ\u0027 functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application\u0027s email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La funcionalidad \u0027compartir preguntas frecuentes\u0027 permite a cualquier actor no autenticado hacer un mal uso de la aplicaci\u00f3n phpMyFAQ para enviar correos electr\u00f3nicos arbitrarios a una amplia gama de objetivos. La aplicaci\u00f3n phpMyFAQ tiene una funcionalidad donde cualquiera puede compartir un elemento de preguntas frecuentes con otros. La interfaz de esta funcionalidad permite compartir cualquier art\u00edculo de phpMyFAQ con 5 direcciones de correo electr\u00f3nico. 
Cualquier actor no autenticado puede realizar esta acci\u00f3n. Existe un CAPTCHA, sin embargo, la cantidad de personas a las que env\u00eda correos electr\u00f3nicos con una sola solicitud no est\u00e1 limitada a 5 por el backend. De este modo, un atacante puede resolver un \u00fanico CAPTCHA y enviar miles de correos electr\u00f3nicos a la vez. Un atacante puede utilizar el servidor de correo electr\u00f3nico de la aplicaci\u00f3n objetivo para enviar mensajes de phishing. Esto puede hacer que el servidor est\u00e9 en una lista negra, lo que hace que todos los correos electr\u00f3nicos terminen en spam. Tambi\u00e9n puede provocar da\u00f1os a la reputaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.5." } ], "id": "CVE-2024-22208", "lastModified": "2024-11-21T08:55:48.140", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-05T21:15:11.830", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" 
}, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The filename is echoed unsafely in phpMyFAQ\phpmyfaq\admin\attachments.php, which allows JavaScript code to execute on the client side (XSS). This vulnerability has been patched in version 3.2.5.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\\phpmyfaq\\admin\\attachments.php conduce a la ejecuci\u00f3n permitida de c\u00f3digo JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.2.5." 
} ], "id": "CVE-2024-24574", "lastModified": "2024-11-21T08:59:27.143", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-05T21:15:12.340", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-80" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F6B11D-C89E-4C4F-A2CA-9CB3F83C8AD3", "versionEndExcluding": "3.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.2.1." } ], "id": "CVE-2023-5864", "lastModified": "2024-11-21T08:42:39.647", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.7, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.817", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-31 01:15
Modified
2024-11-21 07:59
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "B486032C-0BF4-4D1C-ABDB-56607585ADC3", "versionEndExcluding": "3.1.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14." } ], "id": "CVE-2023-2998", "lastModified": "2024-11-21T07:59:43.453", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-31T01:15:43.103", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 21:15
Modified
2025-01-09 16:59
Severity ?
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment that has no file extension and contains JavaScript code; the application renders it as HTML, which allows XSS attacks.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 | Exploit, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Un atacante con privilegios de administrador puede cargar un archivo adjunto que contenga c\u00f3digo JS sin extensi\u00f3n y la aplicaci\u00f3n lo representar\u00e1 como HTML, lo que permite ataques XSS." } ], "id": "CVE-2024-29179", "lastModified": "2025-01-09T16:59:41.167", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2024-03-25T21:15:47.050", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-19 13:15
Modified
2024-11-21 07:19
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "548E0B23-D73A-44A2-AE94-9C84CE0A55EE", "versionEndIncluding": "3.1.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub thorsten/phpmyfaq versiones anteriores a 3.2.0-alpha" } ], "id": "CVE-2022-3608", "lastModified": "2024-11-21T07:19:52.403", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-19T13:15:08.910", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-16 09:15
Modified
2024-11-21 08:44
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "85E03A12-18B2-4BD1-AC03-9440332134B9", "versionEndExcluding": "3.1.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17." }, { "lang": "es", "value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.17." } ], "id": "CVE-2023-6889", "lastModified": "2024-11-21T08:44:46.163", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-16T09:15:07.270", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-25 19:15
Modified
2025-01-09 17:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks because it relies on PHP's `FILTER_VALIDATE_EMAIL` filter, which validates only the format of the email address, not its content, so a value that passes validation still has to be output-encoded when it is rendered. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ\u0027s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP\u0027s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user\u0027s phpMyFAQ session. This vulnerability is fixed in 3.2.6." }, { "lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El campo `email` en la p\u00e1gina del panel de control de usuario de phpMyFAQ es vulnerable a ataques XSS almacenados debido a la insuficiencia de la funci\u00f3n `FILTER_VALIDATE_EMAIL` de PHP, que solo valida el formato del correo electr\u00f3nico, no su contenido. Esta vulnerabilidad permite a un atacante ejecutar JavaScript arbitrario del lado del cliente dentro del contexto de la sesi\u00f3n phpMyFAQ de otro usuario. Esta vulnerabilidad se soluciona en 3.2.6." 
} ], "id": "CVE-2024-27300", "lastModified": "2025-01-09T17:16:12.273", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-25T19:15:57.807", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0308", "lastModified": "2024-11-21T07:36:56.590", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.577", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-20 21:29
Modified
2024-11-21 03:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en inc/PMF/Faq.php en phpMyFAQ hasta la versi\u00f3n 2.9.8 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Questions en una acci\u00f3n \"Add New FAQ\"." } ], "id": "CVE-2017-14618", "lastModified": "2024-11-21T03:13:12.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-20T21:29:00.317", "references": [ { 
"source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "cve@mitre.org", "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42761/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42761/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-12 14:29
Modified
2024-11-21 03:07
Severity ?
Summary
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that quickly try many passwords in login attempts.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.phpmyfaq.de/security/advisory-2017-07-12 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/security/advisory-2017-07-12 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "42BCD029-3707-48A6-B302-DEAF66F927F1", "versionEndIncluding": "2.9.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." }, { "lang": "es", "value": "phpMyFAQ anterior a versi\u00f3n 2.9.8, no mitiga apropiadamente los ataques de fuerza bruta que intentan muchas contrase\u00f1as durante inicios de sesi\u00f3n intentados r\u00e1pidamente." } ], "id": "CVE-2017-11187", "lastModified": "2024-11-21T03:07:17.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-12T14:29:00.223", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity
Summary
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/43063/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43063/ | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante un adjunto HTML." } ], "id": "CVE-2017-15727", "lastModified": "2024-11-21T03:15:05.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", 
"VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43063/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43063/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-20 19:30
Modified
2024-11-21 01:08
Severity
Summary
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/37354 | Vendor Advisory | |
cve@mitre.org | http://www.phpmyfaq.de/advisory_2009-09-01.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3241 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37354 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/advisory_2009-09-01.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3241 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A1A9BDB-6778-4F3E-9ABD-3789BC2C0D1C", "versionEndIncluding": "2.0.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "5B26F173-5AB9-482C-8B3F-6424359E7062", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "A4D99DCE-969E-4E2C-8557-DF19F43F7388", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "C1833515-70CA-4B10-A947-5F8E544DA110", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "39A1B3D0-67F3-4F88-9952-D70CD86387B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "matchCriteriaId": "5E802239-AE7E-4C17-A98C-8E685E77B5B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "9E54ADFE-3386-41BC-B08B-DAE967327B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "70079FB1-278D-49A2-8211-E68B7F5F626D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "20020044-2E57-4789-AB98-1B113D523BB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "5D5BB764-1B6F-433F-90A4-8103610E8F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DA60DB45-5CFB-4EB2-ACD7-784B1905F259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "matchCriteriaId": "DBA9BBDE-97D0-4B30-AEBB-69A302630542", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9pl1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC2D031-6C8C-49A2-AF52-7C5FE83989B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B69808-C3F4-401E-996D-88091203698E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "39CA9672-6651-4654-89AB-AF45A3EB2492", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "E47EB76A-2314-4978-A146-C6C73CF018C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "34D1FA39-9778-488F-9582-E37060F3F92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": 
"A62052CA-95C7-43C9-B65B-C2E01EB0EBD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89938096-681A-4D77-8BA2-3F4D0A2424E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "8215A5E3-4780-4E45-8B52-F8D00A71D7D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "6B7087AF-0DBF-4287-9B58-EA0C3F9F9134", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." 
}, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzado (XSS) en phpMyFAQ antes de v2.0.17 y v2.5.x antes de v2.5.2, cuando se utiliza con Internet Explorer v6 o v7, permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de par\u00e1metros no especificados a la p\u00e1gina de b\u00fasqueda." } ], "id": "CVE-2009-4040", "lastModified": "2024-11-21T01:08:47.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-20T19:30:00.937", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37354" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3241" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/news.php." } ], "id": "CVE-2017-15732", "lastModified": "2024-11-21T03:15:07.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.497", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third 
Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2024-11-21 00:01
Severity
Summary
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file." } ], "id": "CVE-2005-3049", "lastModified": "2024-11-21T00:01:00.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16933" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014968" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19670" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14930" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22405" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1880", "lastModified": "2024-11-21T07:40:04.523", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.133", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0787", "lastModified": "2024-11-21T07:37:50.117", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.293", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 16:15
Modified
2024-11-21 07:39
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1756", "lastModified": "2024-11-21T07:39:50.247", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T16:15:07.273", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-15 22:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "184FE56D-4BA2-499C-9F30-C0B5A2EE2C36", "versionEndExcluding": "3.1.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10." }, { "lang": "es", "value": "cross site scripting (XSS): almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.10." } ], "id": "CVE-2023-0313", "lastModified": "2024-11-21T07:36:57.170", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-15T22:15:10.970", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-05 19:15
Modified
2024-11-21 07:58
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E79CDF-44C3-4462-BDA6-E23A25A11D0D", "versionEndExcluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13." } ], "id": "CVE-2023-2427", "lastModified": "2024-11-21T07:58:35.980", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-05T19:15:15.687", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-14 16:55
Modified
2024-11-21 02:02
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3B2AC55-8F04-44F9-922D-687FAEFC03DF", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E89609EA-C5DA-45CA-A002-0D4AFCA45648", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "328283AF-1875-4D9B-93CC-059198D80316", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "01569544-72C2-4C82-B173-77C235BEE02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB7B4362-27D5-494C-8AD1-48ECD16CF1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DC00325-D9B4-4219-A63F-04EEB7DA6F6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "714DA52A-6AE0-41A7-9250-08BE3B336C71", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "17526059-D468-4AE3-A24E-8B4FDD26915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "21162859-A1AB-4477-BA1B-4A2C2DB4705D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "06AC9151-E197-479F-B1BA-CAEEFC488EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "21ABBD7C-7FC6-48A1-88CE-282156EB5B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "092575EA-2318-4FDD-9EE0-D5AFC5A14854", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "F971EC18-895D-469E-9D69-94D13017B62C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9650943E-4BB2-4A0D-B3D5-07B99566A705", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3055F07-0E27-464D-AE66-E6E1817A49E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C85D157-3F89-4E09-B45A-5624D5E9ECC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "19AD9DE9-2A90-46FA-BDCB-A467C60AC25F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B60C31AA-F51C-4704-AC0B-54C2827654F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E14E876D-345D-4459-BF53-4B97DCFDBA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "651AED63-79B2-48DF-A9DF-70173E87BCA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "216752FD-4126-4F9A-A7B2-23FCFB47508E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "4D839BD2-DEFB-44E4-84F1-531C750090E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "9908E785-6C57-45C1-B8DE-AF8B1BE875E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6019B-EAF7-4E6B-A97B-F27FCF10FBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "30F37277-2D8A-4B92-956F-78B39F876225", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B304F221-C6E1-4995-A6B5-C4CB4F41D69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0582DAA4-9F0C-4FF6-894E-F98D3E07D771", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F3E7701-8373-4625-A401-3B655C9DCC3E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings." 
}, { "lang": "es", "value": "Vulnerabilidad de CSRF en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que modifiquen configuraciones." } ], "id": "CVE-2014-0813", "lastModified": "2024-11-21T02:02:50.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-14T16:55:13.843", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/102939" }, { "source": "vultures@jpcert.or.jp", "url": "http://secunia.com/advisories/56006" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/65368" }, { "source": "vultures@jpcert.or.jp", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN50943964/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/56006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90963" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Summary
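phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. Note: the NVD CVSS vectors in the record below score this as needing no authentication (Au:N in v2, PR:N in v3.0), which does not match the "authenticated users" wording; confirm the required privileges against the vendor advisory when prioritising.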
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect \"download an attachment\" permission checks." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos lean archivos adjuntos arbitrarios aprovechando comprobaciones incorrectas del permiso \"download an attachment\"." } ], "id": "CVE-2014-6047", "lastModified": "2024-11-21T02:13:41.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:01.017", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F6B11D-C89E-4C4F-A2CA-9CB3F83C8AD3", "versionEndExcluding": "3.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1." }, { "lang": "es", "value": "Cookie confidencial en sesi\u00f3n HTTPS sin atributo \"seguro\" en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.1." } ], "id": "CVE-2023-5866", "lastModified": "2024-11-21T08:42:39.910", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.947", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-614" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-07 16:59
Modified
2024-11-21 03:32
Summary
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.phpmyfaq.de/security/advisory-2017-04-02 | Vendor Advisory | |
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpmyfaq.de/security/advisory-2017-04-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FC492F-0DFF-4AD4-9ED1-0587EBECA814", "versionEndIncluding": "2.9.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field." }, { "lang": "es", "value": "inc/PMF/Faq.php en phpMyFAQ en versiones anteriores a 2.9.7 tiene XSS en el campo de pregunta." } ], "id": "CVE-2017-7579", "lastModified": "2024-11-21T03:32:12.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-07T16:59:00.163", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpmyfaq.de/security/advisory-2017-04-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-07 05:29
Modified
2024-11-21 03:53
Summary
phpMyFAQ before 2.9.11 allows CSRF.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2018-09-02 | Mitigation, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA187D80-7802-4512-809B-E2111C631231", "versionEndExcluding": "2.9.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpMyFAQ before 2.9.11 allows CSRF." }, { "lang": "es", "value": "phpMyFAQ en versiones anteriores a la 2.9.11 permite Cross-Site Request Forgery (CSRF)." } ], "id": "CVE-2018-16650", "lastModified": "2024-11-21T03:53:08.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-07T05:29:00.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-21 14:30
Modified
2024-11-21 01:10
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/37520 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37180 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37520 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37180 | Exploit |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "E628711E-2704-4EBF-A337-6D4E6E6E37BD", "versionEndIncluding": "2.5.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "5B26F173-5AB9-482C-8B3F-6424359E7062", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "A4D99DCE-969E-4E2C-8557-DF19F43F7388", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "C1833515-70CA-4B10-A947-5F8E544DA110", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "39A1B3D0-67F3-4F88-9952-D70CD86387B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "matchCriteriaId": "5E802239-AE7E-4C17-A98C-8E685E77B5B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "9E54ADFE-3386-41BC-B08B-DAE967327B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "70079FB1-278D-49A2-8211-E68B7F5F626D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "20020044-2E57-4789-AB98-1B113D523BB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "5D5BB764-1B6F-433F-90A4-8103610E8F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DA60DB45-5CFB-4EB2-ACD7-784B1905F259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "matchCriteriaId": "DBA9BBDE-97D0-4B30-AEBB-69A302630542", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:pl1:*:*:*:*:*:*", "matchCriteriaId": "EC28B0D6-D3F8-4D46-B405-154EDC2C8FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E1DC-EA41-4819-B700-78546932755C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1B0E73E0-6866-465B-B732-A93984F91DE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9D98E974-94AB-4BDC-B409-C70F92479E27", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "E47EB76A-2314-4978-A146-C6C73CF018C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BCB304A-9B0D-4C9F-80FA-5BEDB9753A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4FD5ED2C-47A2-4B00-A10F-973878D75B3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F04FC007-D4CA-46C1-98D7-90F02D758B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56DE52B3-9897-436C-BD9F-FD040ECB2B76", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "C50D4745-70A5-450A-8867-DB4505E9715F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:beta3:*:*:*:*:*:*", "matchCriteriaId": "9E2B2156-0386-4561-BE0E-71477528D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "2BE9566E-D26D-4619-94FF-AD7C473BB153", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "581A3AC3-B3ED-4A0B-8B74-CCF34EAD14D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "1DA504A1-D334-4FB7-8B98-38B868146267", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "06349C8E-757D-4E37-9F4A-9147ED2211E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "matchCriteriaId": "AA1E819D-101A-44FC-A84D-868460732108", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "49BCA838-0145-4F09-95B9-FAB417474033", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DFEF3-E1CE-474E-A269-672F9105F74A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "C9760EB4-CC9D-4840-B9D0-2F53970E694E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "1451B4CF-6CF0-434A-9DC6-D85D7A4D58E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E946E1A-A0C0-48C1-B0D5-1B669E01CCE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79EB0C37-40ED-448D-8D93-68ACC98830A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09CE187C-718B-46DC-95D2-88A1858C5528", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0243BBA2-4171-4427-9687-FBDF4F00231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "305407F0-879A-4955-B2F6-E68AC1149A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE5C0AE9-BBE2-4BE4-970B-D8F14571A3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA40A9-0E2E-48D5-8389-CC14F8065A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "734AE267-7759-4F42-8296-B90F46A18498", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "98A1E79E-5AC4-4920-89EA-4A2EC20C2138", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CC647-5DBF-429D-BEDE-F15C3EBF092B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"C6A1AC18-6E1D-4B1F-A74C-7B7F536ADBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C08EEDB8-AA94-4EE3-AFB4-D914B5E2C6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "52A746E1-281D-4ECD-AEF0-E1564FF48260", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FD6E8AA8-6468-47C1-9B15-31A95C69E941", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FF5AE2E-3670-48FA-94F9-58FF8593CE9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E6118-7C8C-49AA-B63A-33FCC9C228B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0547AF0-C850-4DCE-A222-FFF1B0116B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E019685-8F0B-476B-A95F-DE98E471854E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A54F0D1-7FB3-48DC-B24E-4B86C7C4DE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36EBB9DC-7531-4959-BB29-8B5199696DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4405D9E3-EEBD-4930-B34E-3F3C6046D903", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C623859D-98BF-4144-96C2-4F912360B67F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search 
parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Varias vulnerabilidades de tipo Cross-Site Scripting (XSS) en el archivo index.php en phpMyFAQ anterior a la versi\u00f3n 2.5.5, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de (1) el par\u00e1metro lang en una acci\u00f3n del sitemap, (2) el par\u00e1metro search en una acci\u00f3n search, (3) el par\u00e1metro tagging_id en una acci\u00f3n search, (4) el par\u00e1metro highlight en una acci\u00f3n artikel, (5) el par\u00e1metro artlang en una acci\u00f3n artikel, (6) el par\u00e1metro letter en una acci\u00f3n sitemap, (7) el par\u00e1metro lang en una acci\u00f3n show, (8) el par\u00e1metro cat en una acci\u00f3n show, (9) el par\u00e1metro newslang en una acci\u00f3n news, (10) el par\u00e1metro artlang en una acci\u00f3n send2friend, (11) el par\u00e1metro cat en una acci\u00f3n send2friend , (12) el par\u00e1metro id en una acci\u00f3n send2friend, (13) el par\u00e1metro srclang en una acci\u00f3n traslate, (14) el par\u00e1metro id en una acci\u00f3n traslate, (15) el par\u00e1metro cat en una acci\u00f3n traslate, (16) el par\u00e1metro cat en una acci\u00f3n add, o (17) 
el par\u00e1metro question en una acci\u00f3n add. NOTA: se desconoce la procedencia de esta informaci\u00f3n; Los detalles son obtenidos \u00fanicamente a partir de informaci\u00f3n de terceros." } ], "id": "CVE-2009-4780", "lastModified": "2024-11-21T01:10:26.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-04-21T14:30:00.723", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37520" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/37520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37180" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-4408)
Published
2022-12-11 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAB360A-D5DD-4DCA-A0C4-B171302FB531", "versionEndExcluding": "3.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9." }, { "lang": "es", "value": "Cross-Site Scripting (XSS) Almacenados en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.9." } ], "id": "CVE-2022-4408", "lastModified": "2024-11-21T07:35:12.797", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-11T15:15:10.733", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-5865)
Published
2023-10-31 01:15
Modified
2024-11-21 08:42
Severity ?
Summary
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C", "versionEndExcluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2." }, { "lang": "es", "value": "Caducidad de sesi\u00f3n insuficiente en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.2." } ], "id": "CVE-2023-5865", "lastModified": "2024-11-21T08:42:39.783", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-31T01:15:07.880", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-1875)
Published
2023-04-22 18:15
Modified
2024-11-21 07:40
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (source: security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (source: nvd@nist.gov, Primary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1875", "lastModified": "2024-11-21T07:40:04.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-22T18:15:07.207", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-0791)
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (source: security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (source: nvd@nist.gov, Primary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0791", "lastModified": "2024-11-21T07:37:50.590", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.637", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-1753)
Published
2023-03-31 01:15
Modified
2024-11-21 07:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N (source: security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1753", "lastModified": "2024-11-21T07:39:49.943", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T01:15:09.160", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-0789)
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (source: security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0789", "lastModified": "2024-11-21T07:37:50.353", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.467", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-1886)
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (source: security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.\n\n" } ], "id": "CVE-2023-1886", "lastModified": "2024-11-21T07:40:05.203", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.420", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-294" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-3766)
Published
2022-10-31 11:15
Modified
2024-11-21 07:20
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8." }, { "lang": "es", "value": "Cross-Site Scripting (XSS):- Reflejadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n" } ], "id": "CVE-2022-3766", "lastModified": "2024-11-21T07:20:12.303", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-31T11:15:10.247", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-4407)
Published
2022-12-11 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DAB360A-D5DD-4DCA-A0C4-B171302FB531", "versionEndExcluding": "3.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9." }, { "lang": "es", "value": "Cross-Site Scripting (XSS) Reflejados en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.9." } ], "id": "CVE-2022-4407", "lastModified": "2024-11-21T07:35:12.677", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-11T15:15:10.653", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, { "source": "security@huntr.dev", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-28 17:29
Modified
2024-11-21 02:13
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
cve@mitre.org | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://techdefencelabs.com/security-advisories.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D821D1-B54E-4F36-A9BA-33800F6D2574", "versionEndExcluding": "2.8.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en phpMyFAQ en versiones anteriores a la 2.8.13 permiten que atacantes remotos secuestren la autenticaci\u00f3n de usuarios no especificados para peticiones que (1) eliminan usuarios activos aprovechando la validaci\u00f3n incorrecta de tokens CSRF o que (2) eliminan preguntas abiertas, (3) activan usuarios, (4) publican FAQ, (5) a\u00f1aden o eliminan glosarios, (6) a\u00f1aden o eliminan noticias de FAQ, o (7) a\u00f1aden o eliminan comentarios o a\u00f1aden votos aprovechando la falta de un token CSRF." 
} ], "id": "CVE-2014-6046", "lastModified": "2024-11-21T02:13:40.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-28T17:29:00.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://techdefencelabs.com/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-05 17:15
Modified
2024-11-21 07:40
Severity ?
Summary
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1883", "lastModified": "2024-11-21T07:40:04.850", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-05T17:15:07.273", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-31 02:15
Modified
2024-11-21 07:39
Severity ?
Summary
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "653EC167-06FC-4D30-AAF8-B75F596519AE", "versionEndExcluding": "3.1.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12." } ], "id": "CVE-2023-1762", "lastModified": "2024-11-21T07:39:51.510", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-31T02:15:06.750", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-12 14:15
Modified
2024-11-21 07:37
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CADCF40-01A2-41DD-B454-4F5946570CA9", "versionEndExcluding": "3.1.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n" } ], "id": "CVE-2023-0786", "lastModified": "2024-11-21T07:37:49.993", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-12T14:15:11.197", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Severity ?
Summary
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D0B1C07-83F7-4DB0-976C-51483D7DF516", "versionEndIncluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php." }, { "lang": "es", "value": "En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.adminlog.php." } ], "id": "CVE-2017-15731", "lastModified": "2024-11-21T03:15:07.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-22T18:29:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-24 00:03
Modified
2024-11-21 00:01
Severity ?
Summary
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field." } ], "id": "CVE-2005-3046", "lastModified": "2024-11-21T00:01:00.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-24T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112749230124091\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rgod.altervista.org/phpmyfuck151.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2024-11-21 01:33
Severity ?
Summary
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A288447-ABFD-4DF0-A958-439142DD7890", "versionEndIncluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C44AC58F-94E3-4301-944E-E91C8E475CAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "2E61F309-FB2A-47BC-B43E-BE8DA726955C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "383D3577-4F74-4842-8ADD-A6B9BEB410E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "397A3DA9-99D3-41A0-8605-FFE1360147B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "2B27F427-D46B-4B81-ADE7-81DAC498B450", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "3870AF03-C6E5-4F49-A502-2091A5017519", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "BBB959F7-7F97-4ECE-8FF1-843E73222935", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "70400ECC-7102-4984-8804-2F0A18A07617", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "691C193F-C1E5-44C0-953A-C6D6DE4C4FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "CAFDC1AD-A611-40DA-85EA-517BE8187F29", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.8.24:*:*:*:*:*:*:*", 
"matchCriteriaId": "8793289D-65A5-4DC0-8AD7-132042F293B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DE10AD9-E5BD-4A25-92D2-4369EF15BD41", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "FDBDAC0F-BABF-48F2-B6CE-E3FCC740A45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "9013E5FA-CFD9-430D-BDA7-2C19263C95F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AAC0C8B9-243E-4958-8558-AB49BBDCE551", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DA18AF75-D2E6-4020-9F02-39AE96166129", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "64671966-303B-4B58-A5B9-7676AB132E17", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "659FCBE0-F0ED-443F-853E-6A14F70895FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpletter:ajax_file_and_image_manager:1.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "894CE3C2-3E2D-45CA-92F0-643A8A8CC8CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "726107EB-E267-4B1D-93B9-A0256B243800", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A6B01EF-B80C-4F4A-99F5-0BC54403A1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "448588AE-7FF3-423F-A687-E72A5720D914", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "70E8566E-13D8-401E-B6C6-4A36532D4018", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE0E5995-E11D-4430-BB21-29A3CA9A9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0235BFA-8604-417C-96E5-D0A3CA36AF93", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "5A3613B8-2D02-4517-8B90-D382B3731D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "38292B44-CA69-4ADE-A93F-A4609E0B75E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DC00325-D9B4-4219-A63F-04EEB7DA6F6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "714DA52A-6AE0-41A7-9250-08BE3B336C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "17526059-D468-4AE3-A24E-8B4FDD26915E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "D2EA6480-F5BB-4513-8D25-78E185BAAB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "86B54292-AAFE-42BC-B164-97368B1D006A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "74981F3E-EADC-46F2-A0D4-4FFA6C87A391", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "21162859-A1AB-4477-BA1B-4A2C2DB4705D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "06AC9151-E197-479F-B1BA-CAEEFC488EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "21ABBD7C-7FC6-48A1-88CE-282156EB5B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": 
"092575EA-2318-4FDD-9EE0-D5AFC5A14854", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "F971EC18-895D-469E-9D69-94D13017B62C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9650943E-4BB2-4A0D-B3D5-07B99566A705", "vulnerable": true }, { "criteria": "cpe:2.3:a:tinymce:tinymce:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9B9DC89-26A9-42B3-A037-26A5B3E3441B", "versionEndIncluding": "1.4.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en inc/function.base.php de Ajax File y Image Manager en versiones anteriores a 1.1, tal como se usa en tinymce en versiones anteriores a 1.4.2, phpMyFAQ 2.6 anteriores a 2.6.19 y 2.7 anteriores a 2.7.1, y posiblemente otros productos, permite a atacantes remotos inyectar c\u00f3digo arbitrario PHP en data.php a trav\u00e9s de par\u00e1metros modificados." 
} ], "id": "CVE-2011-4825", "lastModified": "2024-11-21T01:33:04.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-15T03:57:34.667", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/18075" }, { "source": "cve@mitre.org", "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/50523" }, { "source": "cve@mitre.org", "url": "http://www.zenphoto.org/trac/ticket/2005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/18075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpletter.com/en/DOWNLOAD/1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/50523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zenphoto.org/trac/ticket/2005" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-21 11:28
Modified
2024-11-21 00:27
Severity ?
Summary
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "1394509F-1694-4C1D-8D12-E75E72DFD733", "versionEndIncluding": "1.6.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "matchCriteriaId": "5B26F173-5AB9-482C-8B3F-6424359E7062", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "A4D99DCE-969E-4E2C-8557-DF19F43F7388", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "C1833515-70CA-4B10-A947-5F8E544DA110", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "39A1B3D0-67F3-4F88-9952-D70CD86387B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "matchCriteriaId": "5E802239-AE7E-4C17-A98C-8E685E77B5B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "9E54ADFE-3386-41BC-B08B-DAE967327B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "70079FB1-278D-49A2-8211-E68B7F5F626D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "20020044-2E57-4789-AB98-1B113D523BB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "5D5BB764-1B6F-433F-90A4-8103610E8F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "DA60DB45-5CFB-4EB2-ACD7-784B1905F259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "matchCriteriaId": "DBA9BBDE-97D0-4B30-AEBB-69A302630542", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99738346-9DC0-4B8B-8FFC-6A966E45148E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC6F3CC-2440-4701-9CCC-47FD1B84F9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1C67BA38-E7BE-471F-9785-89C625C77792", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "153DCD21-CF93-47F7-ABBA-D6911DC2CAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41AAC1B-6768-48E3-87F8-07EC5569B010", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "344819F5-FBFB-4A1F-BDD8-5810E971B096", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA0455C3-04D5-4C0E-A208-A118D156887F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E3BB1EC6-C14A-4ECC-B9A6-C7669A5491AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "BC6AE5E8-199F-4412-A119-FA5C1E7A9AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "72072594-4865-4887-86DA-CFA0016C9377", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF373EBB-79A9-408D-A165-F77621432FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC28624F-5720-4CA3-9A46-4FD068C3EF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BD6D-2BE5-4D41-89CB-C75BAF31CEB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1A6F367-786B-4724-8640-FEAF614CDC88", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C85053E4-DE47-4A1F-B575-DD7911832C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "223AA20B-677D-4B73-B154-1E4AA3174A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "matchCriteriaId": "EF0C9783-6ED4-4B79-AE6C-F76482E47325", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "matchCriteriaId": "8EB38F0F-C826-4B76-B736-E35BB9FD6662", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A50C4E-05E0-42A3-BD6D-0A94A63A4C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C8D49BE-0858-4668-A6EA-537CDE4717FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64F62405-EA47-4061-BD0B-063EA4E3CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "456DC767-E09C-4E7F-9B48-EDD869EF7EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0187F0-200A-4E51-BCED-9A30C339022B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "89E2D6B3-B087-4413-8C40-CEEEA6001194", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EBC40AA1-5EC8-4184-973B-C91E706B84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3906A68-5C05-4D8F-84B8-C1E4C4E69D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A77FFE78-0BA2-44F8-A84D-634060A7B471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0DD06BF1-A3ED-4E87-9E07-71746B98D456", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9pl1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC2D031-6C8C-49A2-AF52-7C5FE83989B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "653DA520-718F-4327-B822-1A6E54427BEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F8C52FB-D19D-4BA1-990A-AB4ED2E59EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A956F61-5116-4F9B-BD3E-F933F104F0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "C6B24AFF-1FAE-45C1-8983-D1B6ECC699A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8E7E151B-F894-4141-AE91-DEF3C3DBF226", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60CA0AB0-D9AE-463E-9D1B-E13B2F7B66DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "89C9118F-6DD1-4606-BAB4-24DB619579EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FEEA6B3-2F0A-4A5E-91C6-054B40C0CE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4334A3-FB00-4493-98BE-406374E2CAB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7BADC-3CCC-453E-A86F-487EC9B507AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "91A4FBAF-66FD-40C9-8C23-94813B43CE7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F1E2225-7B74-4142-85CF-BA0053C8717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"711ED6E4-67FB-484C-BEC7-0BB4E0EAD481", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F01B0D69-34D9-4CE5-B42A-38312075D370", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA8FD2B5-400B-4A73-984C-D85B507D1B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "765D11EC-EFD1-4F70-A2A3-215A52B0A81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3A55E240-570A-45EE-A61C-05DF93EC28E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "38E0385C-4DE7-4543-A619-34E04F1CFAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77EE89A-A920-45EF-845F-FE28C620AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E50CE3C-06D9-4543-9966-E277113BAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDABF09A-D991-4D64-806C-309FBE921B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A47DF5D-6D36-4C47-9CBB-3FDF383D39E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1981C9F6-1E0B-4E60-8F73-F655DF400975", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "55069115-5799-4566-842C-2ABE0E80E485", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "87B99D2B-D08E-4941-A319-C77FAA624DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A950FD89-A758-4260-B3C4-E4BF6144F1D9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD3BE7E6-AE04-45E8-91CF-7315FE412431", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "49FFDD87-84FD-4659-A637-2BBC36B9E696", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89138047-5087-4CAD-BC37-5D9C4B52DBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F45FD8-CEE0-472E-96D0-EA4890ABA85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1E359E0-79B0-4B9F-A340-638E8DC5A0FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ACA7EB9-2466-41AB-BEDD-EBE303642A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "215166AC-1B68-44E9-9BB6-944097850B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7136ACF5-6629-45F2-916E-EFE0A8EF45AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D162F6CF-9517-4882-9181-9275D0CAFC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "39E68238-AF1F-4025-9A2A-1B180AF57B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E224C228-2547-4A26-A24C-11D8A1770D12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to \"gain the privilege for uploading files on the server.\"" }, { "lang": "es", "value": "Una vulnerabilidad no especificada en phpMyFAQ versi\u00f3n 1.6.9 y anteriores, cuando 
register_globals est\u00e1 habilitado, permite a atacantes remotos \"gain the privilege for uploading files on the server.\"" } ], "evaluatorImpact": "Successful exploitation requires that \"register_globals\" is enabled.", "id": "CVE-2007-1032", "lastModified": "2024-11-21T00:27:20.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-21T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/32603" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24230" }, { "source": "cve@mitre.org", "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyfaq.de/advisory_2007-02-18.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32573" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
jvndb-2014-000015
Vulnerability from jvndb
Published
2014-02-07 12:25
Modified
2014-02-20 14:00
Summary
phpMyFAQ vulnerable to cross-site scripting
Details
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000015.html", "dc:date": "2014-02-20T14:00+09:00", "dcterms:issued": "2014-02-07T12:25+09:00", "dcterms:modified": "2014-02-20T14:00+09:00", "description": "phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000015.html", "sec:cpe": { "#text": "cpe:/a:phpmyfaq:phpmyfaq", "@product": "phpMyFAQ", "@vendor": "phpMyFAQ", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000015", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN30050348/index.html", "@id": "JVN#30050348", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0814", "@id": "CVE-2014-0814", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0814", "@id": "CVE-2014-0814", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "phpMyFAQ vulnerable to cross-site scripting" }
jvndb-2014-000016
Vulnerability from jvndb
Published
2014-02-07 12:26
Modified
2014-02-20 13:58
Summary
phpMyFAQ vulnerable to cross-site request forgery
Details
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability.
References
Type | URL |
---|---|
JVN | http://jvn.jp/en/jp/JVN50943964/index.html |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0813 |
NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0813 |
Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000016.html", "dc:date": "2014-02-20T13:58+09:00", "dcterms:issued": "2014-02-07T12:26+09:00", "dcterms:modified": "2014-02-20T13:58+09:00", "description": "phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site reuqest forgery vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000016.html", "sec:cpe": { "#text": "cpe:/a:phpmyfaq:phpmyfaq", "@product": "phpMyFAQ", "@vendor": "phpMyFAQ", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000016", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN50943964/index.html", "@id": "JVN#50943964", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0813", "@id": "CVE-2014-0813", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0813", "@id": "CVE-2014-0813", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" } ], "title": "phpMyFAQ vulnerable to cross-site request forgery" }