CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2022-3754 – Weak Password Requirements in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3754
29 Oct 2022 — Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Requisitos de Contraseñas Débiles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8. • https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea • CWE-521: Weak Password Requirements •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3608 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3608
19 Oct 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub thorsten/phpmyfaq versiones anteriores a 3.2.0-alpha • https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16650
https://notcve.org/view.php?id=CVE-2018-16650
07 Sep 2018 — phpMyFAQ before 2.9.11 allows CSRF. phpMyFAQ en versiones anteriores a la 2.9.11 permite Cross-Site Request Forgery (CSRF). • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16651
https://notcve.org/view.php?id=CVE-2018-16651
07 Sep 2018 — The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. El backend de administrador en phpMyFAQ en versiones anteriores a la 2.9.11 permite la inyección CSV en los informes. • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6046 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6046
28 Aug 2018 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. Múltiples vulnerabilidades de Cross-Site Request Forger... • https://www.exploit-db.com/exploits/34580 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 1CVE-2014-6047 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6047
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos lean archivos adjuntos arbitrarios aprovechando comprobaciones incorrectas del permiso "download an attachment". • https://www.exploit-db.com/exploits/34580 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 6%CPEs: 1EXPL: 1CVE-2014-6048 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6048
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos lean archivos adjuntos arbitrarios mediante una petición directa. • https://www.exploit-db.com/exploits/34580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1CVE-2014-6049 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6049
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con privilegios de administrador omitan la autorización mediante un parámetro ID de instancia manipulado. • https://www.exploit-db.com/exploits/34580 • CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 1CVE-2014-6050 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6050
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos omitan el mecanismo de protección CAPTCHA reproduciendo la petición. • https://www.exploit-db.com/exploits/34580 • CWE-254: 7PK - Security Features •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6045 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6045
28 Aug 2018 — SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. Vulnerabilidad de inyección SQL en phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la función restore. • https://www.exploit-db.com/exploits/34580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •