CVE-2022-3754 – Weak Password Requirements in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3754
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
• https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
• https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
• CWE-521: Weak Password Requirements
CVE-2022-3608 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3608
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
• https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677
• https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16650
https://notcve.org/view.php?id=CVE-2018-16650
phpMyFAQ before 2.9.11 allows CSRF.
• https://www.phpmyfaq.de/security/advisory-2018-09-02
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-16651
https://notcve.org/view.php?id=CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
• https://www.phpmyfaq.de/security/advisory-2018-09-02
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2014-6049 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6049
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
• https://www.exploit-db.com/exploits/34580
• http://techdefencelabs.com/security-advisories.html
• https://www.phpmyfaq.de/security/advisory-2014-09-16
• CWE-285: Improper Authorization