
CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. • http://secunia.com/advisories/23651 http://www.phpmyfaq.de/advisory_2006-12-15.php http://www.securityfocus.com/bid/21945 http://www.vupen.com/english/advisories/2007/0077 •

CVSS: 4.3 • EPSS: 0% • CPEs: 13 • EXPL: 1

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. • http://secunia.com/advisories/17649 http://securityreason.com/securityalert/196 http://www.osvdb.org/20989 http://www.phpmyfaq.de/advisory_2005-11-18.php http://www.securityfocus.com/archive/1/417219/30/0/threaded http://www.securityfocus.com/bid/15504 http://www.trapkit.de/advisories/TKADV2005-11-004.txt http://www.vupen.com/english/advisories/2005/2505 •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. • http://marc.info/?l=bugtraq&m=112749230124091&w=2 http://rgod.altervista.org/phpmyfuck151.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. • http://marc.info/?l=bugtraq&m=112749230124091&w=2 http://rgod.altervista.org/phpmyfuck151.html http://secunia.com/advisories/16933 http://securitytracker.com/id?1014968 http://www.osvdb.org/19670 http://www.securityfocus.com/bid/14930 https://exchange.xforce.ibmcloud.com/vulnerabilities/22405 •

CVSS: 6.4 • EPSS: 1% • CPEs: 1 • EXPL: 1

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file. • https://www.exploit-db.com/exploits/1226 http://marc.info/?l=bugtraq&m=112749230124091&w=2 http://rgod.altervista.org/phpmyfuck151.html http://www.osvdb.org/19672 •