Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15808 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | |||||
| CVE-2017-15729 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | |||||
| CVE-2017-15732 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | |||||
| CVE-2017-15735 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | |||||
| CVE-2017-15731 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | |||||
| CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |||||
| CVE-2017-15733 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | |||||
| CVE-2017-15728 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 3.5 LOW | 4.8 MEDIUM |
| In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | |||||
| CVE-2017-14619 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | |||||
| CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-22 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | |||||
| CVE-2014-0813 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | |||||
| CVE-2010-4821 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
| CVE-2007-1032 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." | |||||
| CVE-2006-6912 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | |||||
| CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 5.0 MEDIUM | N/A |
| PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | |||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | |||||
| CVE-2004-2257 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 5.0 MEDIUM | N/A |
| phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. | |||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
| CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||||
| CVE-2005-3047 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php. | |||||