CVSS: 9.8EPSS: 83%CPEs: 41EXPL: 8CVE-2011-4825 – aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-4825
15 Dec 2011 — Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. Vulnerabilidad de inyección de código estático en inc/function.base.php de Ajax File y Image Manager en versiones anteriores a 1.1, tal como se usa en tinymce en versiones anteriores a 1.4.2, phpMyFAQ 2.6 a... • https://www.exploit-db.com/exploits/18085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3783
https://notcve.org/view.php?id=CVE-2011-3783
24 Sep 2011 — phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. phpMyFAQ v2.6.13 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como lo demuestra el producto lang/language_uk.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4558
https://notcve.org/view.php?id=CVE-2010-4558
17 Dec 2010 — phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code. phpMyFAQ v2.6.11 y v2.6.12, como los distribuidos entre el 4 y el 15 de diciembre de 2010, contiene una modificación introducida externamente (Troyano) en el método getTopTen en inc/faq.php, que permite a atacantes remotos ejecutar código PHP de su elección. • http://secunia.com/advisories/42622 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 119EXPL: 3CVE-2009-4780 – phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4780
21 Apr 2010 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show a... • https://www.exploit-db.com/exploits/33385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 117EXPL: 0CVE-2009-4040
https://notcve.org/view.php?id=CVE-2009-4040
20 Nov 2009 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzado (XSS) en phpMyFAQ antes de v2.0.17 y v2.5.x antes de v2.5.2, cuando se utiliza con Internet Explorer v6 o v7, permite a atacantes remotos inyectar HTML o scripts web a través de parámetros no es... • http://secunia.com/advisories/37354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 78EXPL: 0CVE-2007-1032
https://notcve.org/view.php?id=CVE-2007-1032
21 Feb 2007 — Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Una vulnerabilidad no especificada en phpMyFAQ versión 1.6.9 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos "gain the privilege for uploading files on the server." • http://osvdb.org/32603 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6912 – phpMyFAQ 1.6.7 - SQL Injection / Command Execution
https://notcve.org/view.php?id=CVE-2006-6912
31 Dec 2006 — SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. Vulnerabilidad de inyección de SQL en el phpMyFAQ 1.6.7 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores sin especificar. • https://www.exploit-db.com/exploits/3393 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6913
https://notcve.org/view.php?id=CVE-2006-6913
31 Dec 2006 — Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. Vulnerabilidad no especificada en phpMyFAQ 1.6.7 y anteriores permite a atacantes remotos enviar secuencias de comandos PHP de su elección a través de vectores no especificados. • http://secunia.com/advisories/23651 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1CVE-2005-3734
https://notcve.org/view.php?id=CVE-2005-3734
22 Nov 2005 — Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página "add content" de phpMyFAQ 1.5.3 y anteriores permite a atacantes remotos inyectar 'script' web arbitrario mediante los parámetros (1) thema, (2) username, y (3) usermail. • http://secunia.com/advisories/17649 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2005-3046
https://notcve.org/view.php?id=CVE-2005-3046
23 Sep 2005 — SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. • http://marc.info/?l=bugtraq&m=112749230124091&w=2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •