pkg:Packagist/phpMyFAQ/phpMyFAQ

6 total CVEsHIGH1MEDIUM5

✅ Check your installed version

All known vulnerabilities

  • HIGH7.6CVE-2026-46367phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
    from 0, < 4.1.2
  • MEDIUM6.5CVE-2026-45008phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
    from 0, < 4.1.2
  • MEDIUM5.4CVE-2026-46365phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
    from 0, < 4.1.2
  • MEDIUM5.4CVE-2026-46363phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
    from 0, < 4.1.2
  • MEDIUM5.4CVE-2026-46360phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
    from 0, < 4.1.2
  • MEDIUM4.3CVE-2026-45009phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check
    from 0, < 4.1.2