phpMyFAQ — Vulnerabilities & Security Advisories 28

All 28 CVE vulnerabilities found in phpMyFAQ, with AI-generated Chinese analysis, references, and POCs.

Vendor: thorsten

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-34974 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation | CWE-79 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | CWE-943 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34729 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() | CWE-79 | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34728 | phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController | CWE-22 | 8.7 | High | 2026-04-02 |
| CVE-2026-32629 | phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor | CWE-20 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-27836 | phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint | CWE-862 | 7.5 | High | 2026-02-27 |
| CVE-2026-24422 | phpMyFAQ: Public API endpoints expose emails and invisible questions | CWE-200 | 5.3 | Medium | 2026-01-24 |
| CVE-2026-24420 | phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) | CWE-284 | 6.5 | Medium | 2026-01-24 |
| CVE-2026-24421 | phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user | CWE-862 | 6.5 | Medium | 2026-01-24 |
| CVE-2025-69200 | phpMyFAQ has unauthenticated config backup download via /api/setup/backup | CWE-202 | 7.5 | High | 2025-12-29 |
| CVE-2025-68951 | phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig \|raw | CWE-79 | 5.4 | Medium | 2025-12-29 |
| CVE-2023-53929 | phpMyFAQ 3.1.12 CSV Injection via User Profile Export | CWE-1236 | 8.8 | High | 2025-12-17 |
| CVE-2025-62519 | phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality | CWE-89 | 7.2 | High | 2025-11-17 |
| CVE-2025-59943 | phpMyFAQ duplicate email registration allows multiple accounts with the same email | CWE-286 | 8.1 | High | 2025-10-03 |
| CVE-2024-56199 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ | CWE-79 | 5.2 | Medium | 2025-01-02 |
| CVE-2024-55889 | phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames | CWE-451 | 4.9 | Medium | 2024-12-13 |
| CVE-2024-54141 | phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available | CWE-209 | 8.6 | High | 2024-12-06 |
| CVE-2024-29196 | phpMyFAQ Path Traversal in Attachments | CWE-22 | 3.8 | Low | 2024-03-26 |
| CVE-2024-29179 | phpMyFAQ Stored Cross-site Scripting at File Attachments | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-03-25 |
| CVE-2024-28108 | phpMyFAQ Stored HTML Injection at contentLink | CWE-79 | 4.7 | Medium | 2024-03-25 |
| CVE-2024-28107 | phpMyFAQ SQL injections at insertentry & saveentry | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-28106 | phpMyFAQ Stored XSS at FAQ News Content | CWE-79 | 4.3 | Medium | 2024-03-25 |
| CVE-2024-28105 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE | CWE-434 | 7.2 | High | 2024-03-25 |
| CVE-2024-27300 | phpMyFAQ Stored XSS at user email | CWE-79 | 5.5 | Medium | 2024-03-25 |
| CVE-2024-27299 | phpMyFAQ SQL Injection at "Save News" | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-24574 | phpMyFAQ vulnerable to stored XSS on attachments filename | CWE-79 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22208 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes | CWE-863 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22202 | User Removal Page Allows Spoofing Of User Details | CWE-284 | 5.7 | Medium | 2024-02-05 |

All 28 known CVE vulnerabilities affecting phpMyFAQ with full Chinese analysis, references, and POCs where available.