pkg:Packagist/phpmyfaq/phpmyfaq

25 CVEs in total: HIGH 11, MEDIUM 12, LOW 1

All known vulnerabilities

  • HIGH 8.8 CVE-2026-35671 phpMyFAQ: IDOR Account Takeover
    from 0, < 4.1.3
  • HIGH 8.8 CVE-2023-53929 phpMyFAQ contains a CSV injection vulnerability
    from 0, <= 3.1.12
  • HIGH 8.8 CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry
    >= 3.2.5, < 3.2.6
  • HIGH 8.8 CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
    >= 3.2.5, < 3.2.6
  • HIGH 8.7 CVE-2026-34728 phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController
    from 0, < 4.1.1
  • HIGH 8.4 CVE-2022-3608 phpMyFAQ vulnerable to Cross-site Scripting
    from 0, < 3.2.0-alpha
  • HIGH 8.2 CVE-2026-35675 phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
    from 0, < 4.1.3
  • HIGH 8.2 CVE-2026-35676 phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
    from 0, < 4.1.3
  • HIGH 7.5 CVE-2026-35672 phpMyFAQ: Default Empty API Token Authentication Bypass
    from 0, < 4.1.3
  • HIGH 7.2 CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
    from 0, < 4.0.14
  • HIGH 7.2 CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
    >= 3.2.5, < 3.2.6
  • MEDIUM 6.5 CVE-2026-24421 phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
    from 0, < 4.0.17
  • MEDIUM 6.5 CVE-2026-24420 phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
    from 0, < 4.0.17
  • MEDIUM 6.5 CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename
    from 0, < 3.2.5
  • MEDIUM 6.5 CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
    from 0, < 3.2.5
  • MEDIUM 6.1 CVE-2026-34729 phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
    from 0, < 4.1.1
  • MEDIUM 5.7 CVE-2024-22202 phpMyFAQ User Removal Page Allows Spoofing Of User Details
    from 0, < 3.2.5
  • MEDIUM 5.5 CVE-2024-27300 phpMyFAQ stored Cross-site Scripting at user email
    >= 3.2.5, < 3.2.6
  • MEDIUM 5.3 CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions
    from 0, < 4.0.17
  • MEDIUM 5.2 CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
    >= 3.2.10, <= 4.0.1
  • MEDIUM 5.1 CVE-2024-28108 phpMyFAQ Stored HTML Injection at contentLink
    >= 3.2.5, < 3.2.6
  • MEDIUM 4.3 CVE-2024-28106 phpMyFAQ Stored Cross-site Scripting at FAQ News Content
    >= 3.2.5, < 3.2.6
  • MEDIUM 4.3 CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments
    >= 3.2.5, < 3.2.6
  • LOW 3.8 CVE-2024-29196 phpMyFAQ Path Traversal in Attachments
    >= 3.2.5, < 3.2.6
  • CVE-2026-32629 phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
    from 0, < 4.1.1