thorsten/phpMyFAQ
Open source FAQ web application for PHP 8.4+ with multi-database support, full-text search, user management, and a REST API
Security Advisories for thorsten/phpMyFAQ in packagist
High
12 days ago
phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
12 days ago
phpMyFAQ: Default Empty API Token Authentication Bypass
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
12 days ago
phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
17 days ago
phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
17 days ago
phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
17 days ago
phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
17 days ago
phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Critical
26 days ago
phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
26 days ago
phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
26 days ago
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
26 days ago
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Critical
26 days ago
phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
26 days ago
phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
26 days ago
phpMyFAQ has stored XSS via | raw Filter in search.twig - html_entity_decode(strip_tags()) Bypass in Search Result Rendering
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
26 days ago
phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
26 days ago
phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
26 days ago
phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
26 days ago
phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
26 days ago
phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
High
26 days ago
phpMyFAQ has stored XSS via Utils::parseUrl() in comment rendering
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
2 months ago
phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
packagist
thorsten/phpmyfaq
Moderate
2 months ago
phpMyFAQ has a LIKE Wildcard Injection in Search.php - Unescaped % and _ Metacharacters Enable Broad Content Disclosure
packagist
thorsten/phpmyfaq
Moderate
2 months ago
phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
3 months ago
phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
packagist
thorsten/phpmyfaq
Moderate
4 months ago
phpMyFAQ: Public API endpoints expose emails and invisible questions
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
4 months ago
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
4 months ago
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
High
5 months ago
phpMyFAQ has unauthenticated config backup download via /api/setup/backup
packagist
thorsten/phpmyfaq
Moderate
5 months ago
phpMyFAQ has Stored XSS in user list via admin-managed display_name
packagist
thorsten/phpmyfaq
Moderate
6 months ago
phpMyFAQ contains a CSV injection vulnerability
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
7 months ago
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
8 months ago
phpMyFAQ duplicate email registration allows multiple accounts with the same email
packagist
thorsten/phpmyfaq
Moderate
over 1 year ago
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
packagist
thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Moderate
over 1 year ago
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
packagist
thorsten/phpmyfaq
High
over 1 year ago
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
packagist
thorsten/phpmyfaq
Moderate
over 2 years ago
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
packagist
thorsten/phpmyfaq
High
over 2 years ago
Insufficient Session Expiration in thorsten/phpmyfaq
packagist
thorsten/phpmyfaq
Moderate
over 2 years ago
Cross-site Scripting (XSS) in thorsten/phpmyfaq
packagist
thorsten/phpmyfaq
Moderate
over 2 years ago
phpMyFAQ allows unrestricted file types in image field
packagist
thorsten/phpmyfaq
High
almost 3 years ago
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
packagist
thorsten/phpmyfaq
High
almost 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to cross-site scripting
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to cross-site scripting
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ vulnerable to stored Cross-site Scripting
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ vulnerable to stored Cross-site Scripting
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ Improper Access Control vulnerability
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ vulnerable to Stored Cross-site Scripting
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to improper access control
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to authentication bypass
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to business logic errors
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
about 3 years ago
phpMyFAQ vulnerable to improper input validation
packagist
thorsten/phpmyfaq
High
about 3 years ago
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
Misinterpretation of Input in thorsten/phpmyfaq
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
phpMyFAQ Reflected Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Moderate
over 3 years ago
phpMyFAQ Stored Cross-site Scripting vulnerability
packagist
thorsten/phpmyfaq
Critical
over 3 years ago
phpMyFAQ Improper Authentication vulnerability
packagist
thorsten/phpmyfaq