CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3754 – Weak Password Requirements in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3754
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Requisitos de Contraseñas Débiles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8. • https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47 • CWE-521: Weak Password Requirements •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3608 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3608
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub thorsten/phpmyfaq versiones anteriores a 3.2.0-alpha • https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16651
https://notcve.org/view.php?id=CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. El backend de administrador en phpMyFAQ en versiones anteriores a la 2.9.11 permite la inyección CSV en los informes. • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16650
https://notcve.org/view.php?id=CVE-2018-16650
phpMyFAQ before 2.9.11 allows CSRF. phpMyFAQ en versiones anteriores a la 2.9.11 permite Cross-Site Request Forgery (CSRF). • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6046 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6046
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. Múltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en phpMyFAQ en versiones anteriores a la 2.8.13 permiten que atacantes remotos secuestren la autenticación de usuarios no especificados para peticiones que (1) eliminan usuarios activos aprovechando la validación incorrecta de tokens CSRF o que (2) eliminan preguntas abiertas, (3) activan usuarios, (4) publican FAQ, (5) añaden o eliminan glosarios, (6) añaden o eliminan noticias de FAQ, o (7) añaden o eliminan comentarios o añaden votos aprovechando la falta de un token CSRF. • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-352: Cross-Site Request Forgery (CSRF) •