CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3754 – Weak Password Requirements in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3754
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Requisitos de Contraseñas Débiles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8. • https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47 • CWE-521: Weak Password Requirements •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3608 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3608
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub thorsten/phpmyfaq versiones anteriores a 3.2.0-alpha • https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16650
https://notcve.org/view.php?id=CVE-2018-16650
phpMyFAQ before 2.9.11 allows CSRF. phpMyFAQ en versiones anteriores a la 2.9.11 permite Cross-Site Request Forgery (CSRF). • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16651
https://notcve.org/view.php?id=CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. El backend de administrador en phpMyFAQ en versiones anteriores a la 2.9.11 permite la inyección CSV en los informes. • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6045 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6045
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. Vulnerabilidad de inyección SQL en phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la función restore. • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •