Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: phpmyfaq Clear
ID Title
CVE-2026-46367 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2017-15809 In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
CVE-2017-15808 In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15732 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVE-2017-15735 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVE-2017-15734 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-15733 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-15733)
vulnerability in csrf (CVE-2017-15733). Successful exploitation can lead to full system takeover.
CVE-2017-15731 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2017-15730 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15729 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVE-2017-15728 Cross-Site Scripting (XSS) in phpmyfaq (CVE-2017-15728)
cross-site scripting in phpmyfaq (CVE-2017-15728). Risk of unauthorized operations or information disclosure.
CVE-2017-15727 In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVE-2017-14619 Cross-Site Scripting (XSS) in phpmyfaq (CVE-2017-14619)
cross-site scripting in phpmyfaq (CVE-2017-14619). Risk of unauthorized operations or information disclosure.
CVE-2017-14618 Cross-Site Scripting (XSS) in phpmyfaq (CVE-2017-14618)
cross-site scripting in phpmyfaq (CVE-2017-14618). Risk of unauthorized operations or information disclosure.
CVE-2017-11187 Vulnerability in phpmyfaq (CVE-2017-11187)
vulnerability in phpmyfaq (CVE-2017-11187). Successful exploitation can lead to full system takeover.
CVE-2017-7579 inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →