pkg:Packagist/thorsten/phpmyfaq

89 total CVEs: CRITICAL 6, HIGH 29, MEDIUM 52

All known vulnerabilities

  • CRITICAL 9.8 CVE-2023-0789 Command Injection in thorsten/phpmyfaq
    from 0, < 3.1.11
  • CRITICAL 9.8 CVE-2023-0788 Code Injection in thorsten/phpmyfaq
    from 0, < 3.1.11
  • CRITICAL 9.8 CVE-2023-0311 phpMyFAQ Improper Authentication vulnerability
    from 0, < 3.1.10
  • CRITICAL 9.8 CVE-2022-3754 phpMyFAQ contains Weak Password Requirements
    from 0, < 3.1.8
  • CRITICAL 9.1 CVE-2023-5316 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.1.18
  • CRITICAL 9.0 CVE-2023-5320 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.1.18
  • HIGH 8.9 CVE-2023-1758 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
    from 0, < 3.1.12
  • HIGH 8.8 CVE-2026-35671 phpMyFAQ: IDOR Account Takeover
    from 0, < 4.1.3
  • HIGH 8.8 CVE-2023-53929 phpMyFAQ contains a CSV injection vulnerability
    from 0, <= 3.1.12
  • HIGH 8.8 CVE-2023-4007 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.16
  • HIGH 8.8 CVE-2023-4006 phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
    from 0, < 3.1.16
  • HIGH 8.8 CVE-2023-1762 thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
    from 0, < 3.1.12
  • HIGH 8.8 CVE-2023-0790 Uncaught Exception in thorsten/phpmyfaq
    from 0, < 3.1.11
  • HIGH 8.8 CVE-2023-0793 Weak Password Requirements in thorsten/phpmyfaq
    from 0, < 3.1.11
  • HIGH 8.8 CVE-2018-16650 phpMyFAQ CSRF
    from 0, < 2.9.11
  • HIGH 8.6 CVE-2024-54141 phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
    from 0, < 4.0.0
  • HIGH 8.4 CVE-2022-3608 phpMyFAQ vulnerable to Cross-site Scripting
    from 0, < 3.2.0-alpha
  • HIGH 8.3 CVE-2023-5319 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.1.18
  • HIGH 8.3 CVE-2023-1887 thorsten/phpmyfaq vulnerable to business logic errors
    from 0, < 3.1.12
  • HIGH 8.3 CVE-2023-1880 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
    from 0, < 3.1.12
  • HIGH 8.3 CVE-2023-1878 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
    from 0, < 3.1.12
  • HIGH 8.2 CVE-2026-35675 phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
    from 0, < 4.1.3
  • HIGH 8.2 CVE-2026-35676 phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
    from 0, < 4.1.3
  • HIGH 8.2 CVE-2023-2550 Cross Site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.13
  • HIGH 8.1 CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email
    >= 4.0.7, < 4.0.13
  • HIGH 8.1 CVE-2023-1882 thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
    from 0, < 3.1.12
  • HIGH 8.1 CVE-2023-1757 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
    from 0, < 3.1.12
  • HIGH 7.6 CVE-2023-5865 Insufficient Session Expiration in thorsten/phpmyfaq
    from 0, < 3.2.2
  • HIGH 7.5 CVE-2026-35672 phpMyFAQ: Default Empty API Token Authentication Bypass
    from 0, < 4.1.3
  • HIGH 7.5 CVE-2026-27836 phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
    from 0, < 4.0.18
  • HIGH 7.5 CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup
    from 0, < 4.0.16
  • HIGH 7.5 CVE-2022-4409 phpMyFAQ has insecure HTTP cookies
    from 0, < 3.1.9
  • HIGH 7.4 CVE-2023-5864 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.2.1
  • HIGH 7.3 CVE-2023-1886 thorsten/phpmyfaq vulnerable to authentication bypass
    from 0, < 3.1.12
  • HIGH 7.2 CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
    from 0, < 4.0.14
  • MEDIUM 6.7 CVE-2023-2999 thorsten/phpmyfaq vulnerable to cross-site scripting
    from 0, < 3.1.14
  • MEDIUM 6.6 CVE-2023-2429 phpMyFAQ Improper Access Control vulnerability
    from 0, < 3.1.13
  • MEDIUM 6.5 CVE-2026-24421 phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
    from 0, < 4.0.17
  • MEDIUM 6.5 CVE-2026-24420 phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
    from 0, < 4.0.17
  • MEDIUM 6.5 CVE-2023-5227 phpMyFAQ allows unrestricted file types in image field
    from 0, < 3.1.18
  • MEDIUM 6.3 CVE-2023-5866 Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
    from 0, < 3.2.1
  • MEDIUM 6.3 CVE-2023-5317 phpMyFaq Cross-site Scripting vulnerability
    from 0, < 3.1.18
  • MEDIUM 6.3 CVE-2023-1885 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter
    from 0, < 3.1.12
  • MEDIUM 6.1 CVE-2023-5863 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.2.2
  • MEDIUM 6.1 CVE-2023-2427 Cross Site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.13
  • MEDIUM 6.1 CVE-2023-2428 phpMyFAQ vulnerable to Stored Cross-site Scripting
    from 0, < 3.1.13
  • MEDIUM 6.1 CVE-2023-0312 thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
    from 0, < 3.1.10
  • MEDIUM 6.1 CVE-2023-0314 phpMyFAQ Reflected Cross-site Scripting vulnerability
    from 0, < 3.1.10
  • MEDIUM 6.1 CVE-2022-4407 phpMyFAQ vulnerable to Cross-site Scripting
    from 0, < 3.1.9
  • MEDIUM 6.1 CVE-2022-3766 phpMyFAQ vulnerable to reflected Cross-site Scripting
    from 0, < 3.1.8
  • MEDIUM 6.0 CVE-2023-2998 thorsten/phpmyfaq vulnerable to cross-site scripting
    from 0, < 3.1.14
  • MEDIUM 5.5 CVE-2023-1753 phpMyFAQ has weak password requirements
    from 0, < 3.1.12
  • MEDIUM 5.4 CVE-2026-34974 phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
    from 0, < 4.1.1
  • MEDIUM 5.4 CVE-2025-68951 phpMyFAQ has Stored XSS in user list via admin-managed display_name
    >= 4.0.14, < 4.0.16
  • MEDIUM 5.4 CVE-2023-6889 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.1.17
  • MEDIUM 5.4 CVE-2023-6890 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.1.17
  • MEDIUM 5.4 CVE-2023-5867 Cross-site Scripting (XSS) in thorsten/phpmyfaq
    from 0, < 3.2.2
  • MEDIUM 5.4 CVE-2023-2752 phpMyFAQ vulnerable to stored Cross-site Scripting
    from 0, < 3.2.0-beta
  • MEDIUM 5.4 CVE-2023-2753 phpMyFAQ vulnerable to stored Cross-site Scripting
    from 0, < 3.2.0-beta
  • MEDIUM 5.4 CVE-2023-1875 Cross-site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.12
  • MEDIUM 5.4 CVE-2023-1883 thorsten/phpmyfaq vulnerable to improper access control
    from 0, < 3.1.12
  • MEDIUM 5.4 CVE-2023-1755 phpMyFAQ Cross-site Scripting vulnerability
    from 0, < 3.1.12
  • MEDIUM 5.4 CVE-2023-1761 phpMyFAQ Code Injection vulnerability
    from 0, < 3.1.12
  • MEDIUM 5.4 CVE-2023-0791 Cross-site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.11
  • MEDIUM 5.4 CVE-2023-0792 Code Injection in thorsten/phpmyfaq
    from 0, < 3.1.11
  • MEDIUM 5.4 CVE-2023-0794 Cross-site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.11
  • MEDIUM 5.4 CVE-2023-0787 Cross-site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.11
  • MEDIUM 5.4 CVE-2023-0308 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.10
  • MEDIUM 5.4 CVE-2023-0306 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.10
  • MEDIUM 5.4 CVE-2023-0309 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.10
  • MEDIUM 5.4 CVE-2023-0313 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.10
  • MEDIUM 5.4 CVE-2023-0310 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.10
  • MEDIUM 5.4 CVE-2022-4408 phpMyFAQ vulnerable to Cross-site Scripting
    from 0, < 3.1.9
  • MEDIUM 5.4 CVE-2022-3765 phpMyFAQ vulnerable to stored Cross-site Scripting
    from 0, < 3.1.8
  • MEDIUM 5.3 CVE-2026-34973 phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
    from 0, < 4.1.1
  • MEDIUM 5.3 CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions
    from 0, < 4.0.17
  • MEDIUM 5.2 CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
    >= 3.2.10, <= 4.0.1
  • MEDIUM 5.2 CVE-2023-3469 phpMyFAQ Cross-site Scripting
    from 0, < 3.2.0-beta.2
  • MEDIUM 4.9 CVE-2024-55889 thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
    from 0, < 3.2.10
  • MEDIUM 4.8 CVE-2023-1759 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.12
  • MEDIUM 4.8 CVE-2023-1760 phpMyFAQ Stored Cross-site Scripting vulnerability
    from 0, < 3.1.12
  • MEDIUM 4.8 CVE-2023-0786 Cross-site Scripting in thorsten/phpmyfaq
    from 0, < 3.1.11
  • MEDIUM 4.7 CVE-2023-1884 thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
    from 0, < 3.1.12
  • MEDIUM 4.7 CVE-2023-1879 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
    from 0, < 3.1.12
  • MEDIUM 4.7 CVE-2023-1756 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
    from 0, < 3.1.12
  • MEDIUM 4.7 CVE-2023-1754 phpMyFAQ vulnerable to improper input validation
    from 0, < 3.1.12
  • MEDIUM 4.3 CVE-2023-0880 Misinterpretation of Input in thorsten/phpmyfaq
    from 0, < 3.1.11
  • CVE-2026-32629 phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
    from 0, < 4.1.1
  • CVE-2023-0307 phpMyFAQ has Weak Password Requirements
    from 0, < 3.1.10