CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 1CVE-2014-6050 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6050
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos omitan el mecanismo de protección CAPTCHA reproduciendo la petición. • https://www.exploit-db.com/exploits/34580 • CWE-254: 7PK - Security Features •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6045 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6045
28 Aug 2018 — SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. Vulnerabilidad de inyección SQL en phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la función restore. • https://www.exploit-db.com/exploits/34580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15808
https://notcve.org/view.php?id=CVE-2017-15808
23 Oct 2017 — In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Request Forgery (CSRF) en admin/ajax.config.php. • https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86f6a9fbe5d2344ab1cbdb906b75c • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15809
https://notcve.org/view.php?id=CVE-2017-15809
23 Oct 2017 — In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. En phpMyFaq en versiones anteriores a la 2.9.9, existe Cross-Site Scripting (XSS) en admin/tags.main.php mediante una etiqueta manipulada. • https://github.com/thorsten/phpMyFAQ/commit/cb648f0d5690b81647dd5c9efe942ebf6cce7da9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15727 – PHPMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15727
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante un adjunto HTML. • https://www.exploit-db.com/exploits/43063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15728
https://notcve.org/view.php?id=CVE-2017-15728
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante metaDescription o metaKeywords. • https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15729
https://notcve.org/view.php?id=CVE-2017-15729
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al añadir un glosario. • https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15730 – phpMyFAQ 2.9.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-15730
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.ratings.php. • https://www.exploit-db.com/exploits/43064 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15731
https://notcve.org/view.php?id=CVE-2017-15731
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.adminlog.php. • https://github.com/thorsten/phpMyFAQ/commit/fadb9a70b5f7624a6926b8834d5c6001c210f09c • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15732
https://notcve.org/view.php?id=CVE-2017-15732
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/news.php. • https://github.com/thorsten/phpMyFAQ/commit/ec8b3cc37d05b6625e24916b8f7253f830015b5f • CWE-352: Cross-Site Request Forgery (CSRF) •