CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1CVE-2014-6049 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6049
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con privilegios de administrador omitan la autorización mediante un parámetro ID de instancia manipulado. • https://www.exploit-db.com/exploits/34580 • CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 1CVE-2014-6047 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6047
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos lean archivos adjuntos arbitrarios aprovechando comprobaciones incorrectas del permiso "download an attachment". • https://www.exploit-db.com/exploits/34580 • CWE-275: Permission Issues •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15808
https://notcve.org/view.php?id=CVE-2017-15808
23 Oct 2017 — In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Request Forgery (CSRF) en admin/ajax.config.php. • https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15809
https://notcve.org/view.php?id=CVE-2017-15809
23 Oct 2017 — In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Scripting (XSS) en admin/tags.main.php mediante una etiqueta manipulada. • https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15729
https://notcve.org/view.php?id=CVE-2017-15729
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al añadir un glosario. • https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15728
https://notcve.org/view.php?id=CVE-2017-15728
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante metaDescription o metaKeywords. • https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15735
https://notcve.org/view.php?id=CVE-2017-15735
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al modificar un glosario. • https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15733
https://notcve.org/view.php?id=CVE-2017-15733
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/ajax.attachment.php y admin/att.main.php. • https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15727 – PHPMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15727
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante un adjunto HTML. • https://www.exploit-db.com/exploits/43063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15731
https://notcve.org/view.php?id=CVE-2017-15731
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.adminlog.php. • https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c • CWE-352: Cross-Site Request Forgery (CSRF) •