phpmyfaq/phpmyfaq Security Advisories (21)
- [MEDIUM] phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
PKSA-yq8b-v8fg-rvf8 CVE-2026-34729 GHSA-cv2g-8cj8-vgc7
Affected version: <=4.1.0
Reported by: GitHub
- [HIGH] phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController
PKSA-n57d-sn2t-c46g CVE-2026-34728 GHSA-38m8-xrfj-v38x
Affected version: <=4.1.0
Reported by: GitHub
- [MEDIUM] phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
PKSA-25jh-4r4k-gpj5 CVE-2026-32629 GHSA-98gw-w575-h2ph
Affected version: <=4.1.0
Reported by: GitHub
- [MEDIUM] phpMyFAQ: Public API endpoints expose emails and invisible questions
PKSA-g4rh-637x-8kby CVE-2026-24422 GHSA-j4rc-96xj-gvqc
Affected version: <=4.0.16
Reported by: GitHub
- [MEDIUM] phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
PKSA-kw83-ss3b-tqsv CVE-2026-24421 GHSA-wm8h-26fv-mg7g
Affected version: <=4.0.16
Reported by: GitHub
- [MEDIUM] phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
PKSA-bn6v-4n7v-4dtq CVE-2026-24420 GHSA-7p9h-m7m8-vhhv
Affected version: <=4.0.16
Reported by: GitHub
- [MEDIUM] phpMyFAQ contains a CSV injection vulnerability
PKSA-1cq7-dh6p-78w8 CVE-2023-53929 GHSA-x2v3-9p22-w3x6
Affected version: <=3.1.12
Reported by: GitHub
- [HIGH] phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
PKSA-mvvf-b3jn-bt43 CVE-2025-62519 GHSA-fxm2-cmwj-qvx4
Affected version: <=4.0.13
Reported by: GitHub
- [MEDIUM] phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
PKSA-jfrb-72ps-8zz9 CVE-2024-56199 GHSA-ww33-jppq-qfrp
Affected version: >=3.2.10,<=4.0.1
Reported by: GitHub
- [MEDIUM] phpMyFAQ stored Cross-site Scripting at user email
PKSA-ybcz-g9v1-ckf6 CVE-2024-27300 GHSA-q7g6-xfh2-vhpx
Affected version: =3.2.5
Reported by: GitHub
- [HIGH] phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
PKSA-775k-y393-8m1z CVE-2024-28105 GHSA-pwh2-fpfr-x5gf
Affected version: =3.2.5
Reported by: GitHub
- [MEDIUM] phpMyFAQ Stored Cross-site Scripting at FAQ News Content
PKSA-p4ng-tr9d-w81m CVE-2024-28106 GHSA-6p68-36m6-392r
Affected version: =3.2.5
Reported by: GitHub
- [HIGH] phpMyFAQ SQL injections at insertentry & saveentry
PKSA-4r7y-kgj4-j4xc CVE-2024-28107 GHSA-2grw-mc9r-822r
Affected version: =3.2.5
Reported by: GitHub
- [MEDIUM] phpMyFAQ Stored HTML Injection at contentLink
PKSA-d8rg-3yvp-s4fb CVE-2024-28108 GHSA-48vw-jpf8-hwqh
Affected version: =3.2.5
Reported by: GitHub
- [MEDIUM] phpMyFAQ Stored Cross-site Scripting at File Attachments
PKSA-c9hs-7114-3c9w CVE-2024-29179 GHSA-hm8r-95g3-5hj9
Affected version: =3.2.5
Reported by: GitHub
- [HIGH] phpMyFAQ SQL Injection at "Save News"
PKSA-twpc-5rpv-18qh CVE-2024-27299 GHSA-qgxx-4xv5-6hcw
Affected version: =3.2.5
Reported by: GitHub
- [LOW] phpMyFAQ Path Traversal in Attachments
PKSA-skvy-9bqh-rfw7 CVE-2024-29196 GHSA-mmh6-5cpf-2c72
Affected version: =3.2.5
Reported by: GitHub
- [MEDIUM] phpMyFAQ vulnerable to stored XSS on attachments filename
PKSA-hdfq-3r6d-xzjt CVE-2024-24574 GHSA-7m8g-fprr-47fx
Affected version: <3.2.5
Reported by: GitHub
- [MEDIUM] phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
PKSA-qfjp-pm9r-s97r CVE-2024-22208 GHSA-9hhf-xmcw-r3xg
Affected version: <3.2.5
Reported by: GitHub
- [MEDIUM] phpMyFAQ User Removal Page Allows Spoofing Of User Details
PKSA-q87w-7ynx-prc4 CVE-2024-22202 GHSA-6648-6g96-mg35
Affected version: <3.2.5
Reported by: GitHub
- [HIGH] phpMyFAQ vulnerable to Cross-site Scripting
PKSA-k57y-tc6t-fmbw CVE-2022-3608 GHSA-6rj8-9cm9-6gff
Affected version: <=3.1.7
Reported by: GitHub