CVSS: 6.1EPSS: 0%CPEs: 119EXPL: 3CVE-2009-4780 – phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4780
21 Apr 2010 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show a... • https://www.exploit-db.com/exploits/33385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 117EXPL: 0CVE-2009-4040
https://notcve.org/view.php?id=CVE-2009-4040
20 Nov 2009 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzado (XSS) en phpMyFAQ antes de v2.0.17 y v2.5.x antes de v2.5.2, cuando se utiliza con Internet Explorer v6 o v7, permite a atacantes remotos inyectar HTML o scripts web a través de parámetros no es... • http://secunia.com/advisories/37354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 78EXPL: 0CVE-2007-1032
https://notcve.org/view.php?id=CVE-2007-1032
21 Feb 2007 — Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Una vulnerabilidad no especificada en phpMyFAQ versión 1.6.9 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos "gain the privilege for uploading files on the server." • http://osvdb.org/32603 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6913
https://notcve.org/view.php?id=CVE-2006-6913
31 Dec 2006 — Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. Vulnerabilidad no especificada en phpMyFAQ 1.6.7 y anteriores permite a atacantes remotos enviar secuencias de comandos PHP de su elección a través de vectores no especificados. • http://secunia.com/advisories/23651 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6912 – phpMyFAQ 1.6.7 - SQL Injection / Command Execution
https://notcve.org/view.php?id=CVE-2006-6912
31 Dec 2006 — SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. Vulnerabilidad de inyección de SQL en el phpMyFAQ 1.6.7 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores sin especificar. • https://www.exploit-db.com/exploits/3393 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2005-0702
https://notcve.org/view.php?id=CVE-2005-0702
07 Mar 2005 — SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. • http://secunia.com/advisories/14516 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2004-2256
https://notcve.org/view.php?id=CVE-2004-2256
31 Dec 2004 — Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-2257
https://notcve.org/view.php?id=CVE-2004-2257
31 Dec 2004 — phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. • http://secunia.com/advisories/12085 • CWE-425: Direct Request ('Forced Browsing') •