
CVE-2017-15735
https://notcve.org/view.php?id=CVE-2017-15735
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. • https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-14618 – PHPMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14618
20 Sep 2017 — Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulner... • https://packetstorm.news/files/id/144280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14619 – phpMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14619
20 Sep 2017 — Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker c... • https://packetstorm.news/files/id/144603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-11187
https://notcve.org/view.php?id=CVE-2017-11187
12 Jul 2017 — phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. • http://www.phpmyfaq.de/security/advisory-2017-07-12 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2017-7579
https://notcve.org/view.php?id=CVE-2017-7579
07 Apr 2017 — inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. • http://www.phpmyfaq.de/security/advisory-2017-04-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0813
https://notcve.org/view.php?id=CVE-2014-0813
14 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. • http://jvn.jp/en/jp/JVN50943964/index.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-0814
https://notcve.org/view.php?id=CVE-2014-0814
14 Feb 2014 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN30050348/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4821 – PHPMyFAQ 2.6.x - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4821
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. • https://www.exploit-db.com/exploits/34785 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4825 – aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-4825
15 Dec 2011 — Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. • https://www.exploit-db.com/exploits/18085 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2011-3783
https://notcve.org/view.php?id=CVE-2011-3783
24 Sep 2011 — phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor