Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/767201?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/767201?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.7", "type": "composer", "namespace": "thorsten", "name": "phpmyfaq", "version": "3.2.7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.3", "latest_non_vulnerable_version": "4.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68252?format=api", "vulnerability_id": "VCID-1qwx-htn1-4bg8", "summary": "phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2036", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92161", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92165", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92167", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46364" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46364", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46364" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92", "reference_id": "b9f25109fddb38eee19987183798638d07943f92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92" }, { "reference_url": "https://github.com/advisories/GHSA-289f-fq7w-6q2w", "reference_id": "GHSA-289f-fq7w-6q2w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-289f-fq7w-6q2w" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w", "reference_id": "GHSA-289f-fq7w-6q2w", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha", "reference_id": "phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46364", "GHSA-289f-fq7w-6q2w" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59507?format=api", "vulnerability_id": "VCID-2bsv-7dt5-6qcu", "summary": "phpMyFAQ is an open source FAQ web application. 
Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09124", "scoring_system": "epss", "scoring_elements": "0.92857", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.09124", "scoring_system": "epss", "scoring_elements": "0.9288", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09124", "scoring_system": "epss", "scoring_elements": "0.92881", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55889" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55889", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55889" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt", "reference_id": "CVE-2024-55889", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt" }, { "reference_url": 
"https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d", "reference_id": "fa0f7368dc3288eedb1915def64ef8fb270f711d", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d" }, { "reference_url": "https://github.com/advisories/GHSA-m3r7-8gw7-qwvc", "reference_id": "GHSA-m3r7-8gw7-qwvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3r7-8gw7-qwvc" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc", "reference_id": "GHSA-m3r7-8gw7-qwvc", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372314?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5ez6-qnbc-nfgb" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": 
"VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.10" } ], "aliases": [ "CVE-2024-55889", "GHSA-m3r7-8gw7-qwvc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bsv-7dt5-6qcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83111?format=api", "vulnerability_id": "VCID-57ev-2w6v-mbbs", "summary": "phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user regardless of their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. 
This issue is fixed in version 4.0.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50491", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50496", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50509", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50358", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24421" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt", "reference_id": "CVE-2026-24421", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24421", "reference_id": "CVE-2026-24421", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24421" }, { "reference_url": "https://github.com/advisories/GHSA-wm8h-26fv-mg7g", "reference_id": "GHSA-wm8h-26fv-mg7g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm8h-26fv-mg7g" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g", "reference_id": "GHSA-wm8h-26fv-mg7g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38149?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], 
"aliases": [ "CVE-2026-24421", "GHSA-wm8h-26fv-mg7g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68191?format=api", "vulnerability_id": "VCID-5pw3-qxh6-6ufr", "summary": "phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23541", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23563", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23355", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46366" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46366", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46366" }, { "reference_url": "https://github.com/advisories/GHSA-99qv-g4x9-mgc3", "reference_id": "GHSA-99qv-g4x9-mgc3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99qv-g4x9-mgc3" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3", "reference_id": "GHSA-99qv-g4x9-mgc3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass", "reference_id": "phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46366", "GHSA-99qv-g4x9-mgc3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102633?format=api", "vulnerability_id": "VCID-5wsg-7979-dqgs", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. 
This issue has been patched in version 4.0.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30546", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3035", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62519" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14", "reference_id": "4.0.13...4.0.14", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62519", "reference_id": "CVE-2025-62519", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62519" }, { "reference_url": "https://github.com/advisories/GHSA-fxm2-cmwj-qvx4", "reference_id": "GHSA-fxm2-cmwj-qvx4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxm2-cmwj-qvx4" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4", "reference_id": "GHSA-fxm2-cmwj-qvx4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35278?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": 
"VCID-x8f6-wx6k-f3d5" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.14" } ], "aliases": [ "CVE-2025-62519", "GHSA-fxm2-cmwj-qvx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83252?format=api", "vulnerability_id": "VCID-6jmj-n5mz-bba8", "summary": "phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomplete permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. 
This issue has been fixed in version", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03833", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03857", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03844", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03854", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24420" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24420", "reference_id": "CVE-2026-24420", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24420" }, { "reference_url": "https://github.com/advisories/GHSA-7p9h-m7m8-vhhv", "reference_id": "GHSA-7p9h-m7m8-vhhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p9h-m7m8-vhhv" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv", "reference_id": "GHSA-7p9h-m7m8-vhhv", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38149?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24420", "GHSA-7p9h-m7m8-vhhv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68138?format=api", 
"vulnerability_id": "VCID-7tpb-1avq-zfhu", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01334", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01347", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01344", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01337", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46361" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46361" }, { "reference_url": 
"https://github.com/advisories/GHSA-pqh6-8fxf-jx22", "reference_id": "GHSA-pqh6-8fxf-jx22", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqh6-8fxf-jx22" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22", "reference_id": "GHSA-pqh6-8fxf-jx22", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig", "reference_id": "phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46361", "GHSA-pqh6-8fxf-jx22" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69892?format=api", "vulnerability_id": "VCID-8k51-budg-h3ak", "summary": "phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01073", "published_at": "2026-06-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01082", "published_at": "2026-06-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0108", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01076", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45007" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45007", "reference_id": "CVE-2026-45007", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45007" }, { "reference_url": "https://github.com/advisories/GHSA-rm98-82fr-mcfx", "reference_id": "GHSA-rm98-82fr-mcfx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm98-82fr-mcfx" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx", "reference_id": "GHSA-rm98-82fr-mcfx", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure", "reference_id": "phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure", "reference_type": "", "scores": 
[ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45007", "GHSA-rm98-82fr-mcfx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359189?format=api", "vulnerability_id": "VCID-9mx6-54u5-fugf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.127", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1279", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12799", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12781", "published_at": "2026-06-14T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2026-34974" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34974", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34974" }, { "reference_url": "https://github.com/advisories/GHSA-5crx-pfhq-4hgg", "reference_id": "GHSA-5crx-pfhq-4hgg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5crx-pfhq-4hgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373289?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": 
"VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-34974", "GHSA-5crx-pfhq-4hgg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mx6-54u5-fugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30801?format=api", "vulnerability_id": "VCID-b64e-gffa-5kg7", "summary": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the database connection fails. 
This vulnerability is fixed in 4.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60264", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60258", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60253", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60147", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54141" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54141", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54141" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe", "reference_id": "b9289a0b2233df864361c131cd177b6715fbb0fe", "reference_type": "", "scores": [ { "value": "8.6", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe" }, { "reference_url": "https://github.com/advisories/GHSA-vrjr-p3xp-xx2x", "reference_id": "GHSA-vrjr-p3xp-xx2x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrjr-p3xp-xx2x" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x", "reference_id": "GHSA-vrjr-p3xp-xx2x", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372524?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5ez6-qnbc-nfgb" }, { "vulnerability": 
"VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.0" } ], "aliases": [ "CVE-2024-54141", "GHSA-vrjr-p3xp-xx2x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b64e-gffa-5kg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68143?format=api", "vulnerability_id": "VCID-ecpv-3xqn-eqf8", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. 
Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08901", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46360" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46360" }, { "reference_url": "https://github.com/advisories/GHSA-whqh-9pq5-c7r3", "reference_id": "GHSA-whqh-9pq5-c7r3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-whqh-9pq5-c7r3" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3", "reference_id": "GHSA-whqh-9pq5-c7r3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer", "reference_id": "phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46360", "GHSA-whqh-9pq5-c7r3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80126?format=api", "vulnerability_id": "VCID-emzq-e5ru-w3cx", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19686", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19689", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19515", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1971", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27836" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27836", "reference_id": "CVE-2026-27836", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27836" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1", "reference_id": "f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1" }, { "reference_url": "https://github.com/advisories/GHSA-w22q-m2fm-x9f4", "reference_id": "GHSA-w22q-m2fm-x9f4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w22q-m2fm-x9f4" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4", "reference_id": "GHSA-w22q-m2fm-x9f4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39980?format=api", "purl": 
"pkg:composer/thorsten/phpmyfaq@4.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-27836", "GHSA-w22q-m2fm-x9f4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emzq-e5ru-w3cx" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/83223?format=api", "vulnerability_id": "VCID-p68j-sbvd-yuh4", "summary": "phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06222", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06194", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06211", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24422" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24422", "reference_id": "CVE-2026-24422", "reference_type": "", "scores": [ { 
"value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24422" }, { "reference_url": "https://github.com/advisories/GHSA-j4rc-96xj-gvqc", "reference_id": "GHSA-j4rc-96xj-gvqc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4rc-96xj-gvqc" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc", "reference_id": "GHSA-j4rc-96xj-gvqc", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38149?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { 
"vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24422", "GHSA-j4rc-96xj-gvqc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74750?format=api", "vulnerability_id": "VCID-q6zp-tnjb-pye3", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. 
This issue has been patched in version 4.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29774", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29776", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29577", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29792", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34973" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34973", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34973" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1", "reference_id": "4.1.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1" }, { "reference_url": "https://github.com/advisories/GHSA-gcp9-5jc8-976x", "reference_id": "GHSA-gcp9-5jc8-976x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcp9-5jc8-976x" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x", "reference_id": "GHSA-gcp9-5jc8-976x", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373289?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { 
"vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-34973", "GHSA-gcp9-5jc8-976x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zp-tnjb-pye3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359156?format=api", "vulnerability_id": "VCID-qhsm-g24v-k7gj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41566", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41732", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41751", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4174", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32629" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32629", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32629" }, { "reference_url": "https://github.com/advisories/GHSA-98gw-w575-h2ph", "reference_id": "GHSA-98gw-w575-h2ph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98gw-w575-h2ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373289?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-32629", "GHSA-98gw-w575-h2ph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69871?format=api", "vulnerability_id": "VCID-rrz3-kbbd-eyhq", "summary": "phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41229", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4124", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41249", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41063", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45010" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-45010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45010" }, { "reference_url": "https://github.com/advisories/GHSA-9pq7-mfwh-xx2j", "reference_id": "GHSA-9pq7-mfwh-xx2j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9pq7-mfwh-xx2j" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j", "reference_id": "GHSA-9pq7-mfwh-xx2j", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint", "reference_id": "phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45010", "GHSA-9pq7-mfwh-xx2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68194?format=api", "vulnerability_id": "VCID-tpbv-urbk-h7gf", "summary": "phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. 
Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10145", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10135", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1015", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10098", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46359" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46359", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46359" }, { "reference_url": "https://github.com/advisories/GHSA-pm8c-3qq3-72w7", "reference_id": "GHSA-pm8c-3qq3-72w7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm8c-3qq3-72w7" }, { "reference_url": 
"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7", "reference_id": "GHSA-pm8c-3qq3-72w7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields", "reference_id": "phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46359", "GHSA-pm8c-3qq3-72w7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69890?format=api", "vulnerability_id": "VCID-txxg-bugj-6bd4", "summary": "phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15496", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15471", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15503", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45008" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45008", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45008" }, { "reference_url": "https://github.com/advisories/GHSA-gh9p-q46p-57g2", "reference_id": "GHSA-gh9p-q46p-57g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh9p-q46p-57g2" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2", "reference_id": "GHSA-gh9p-q46p-57g2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter", "reference_id": "phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45008", "GHSA-gh9p-q46p-57g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/123709?format=api", "vulnerability_id": "VCID-u37t-naar-pbav", "summary": "phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. 
Version 4.0.16 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-69200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86195", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86197", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86186", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86136", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-69200" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a", "reference_id": "b0e99ee3695152115841cb546d8dce64ceb8c29a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69200", "reference_id": "CVE-2025-69200", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69200" }, { "reference_url": "https://github.com/advisories/GHSA-9cg9-4h4f-j6fg", "reference_id": "GHSA-9cg9-4h4f-j6fg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9cg9-4h4f-j6fg" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg", "reference_id": "GHSA-9cg9-4h4f-j6fg", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36384?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { 
"vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.16" } ], "aliases": [ "CVE-2025-69200", "GHSA-9cg9-4h4f-j6fg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u37t-naar-pbav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68157?format=api", "vulnerability_id": "VCID-vjqh-59nn-5ude", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08901", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46363" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46363", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46363" }, { "reference_url": "https://github.com/advisories/GHSA-f5p7-2c9q-8896", "reference_id": "GHSA-f5p7-2c9q-8896", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f5p7-2c9q-8896" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896", "reference_id": "GHSA-f5p7-2c9q-8896", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass", "reference_id": "phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46363", "GHSA-f5p7-2c9q-8896" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360347?format=api", "vulnerability_id": "VCID-yckn-74u4-pkaw", "summary": "phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n## Summary\n\nThe `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. 
This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.\n\n## Details\n\nIn `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n $this->userIsAuthenticated(); // Only checks isLoggedIn() — no permission check\n\n $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n if ($this->tags->delete($tagId)) {\n return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n }\n\n return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nCompare with `update()` (line 48-71) which properly enforces authorization:\n\n```php\npublic function update(Request $request): JsonResponse\n{\n $this->userHasPermission(PermissionType::FAQ_EDIT); // Proper permission check\n // ... also verifies CSRF token ...\n}\n```\n\nThe `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:\n\n```php\nprotected function userIsAuthenticated(): void\n{\n if (!$this->currentUser->isLoggedIn()) {\n throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');\n }\n}\n```\n\nThere is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. 
The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.\n\nAdditionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.\n\n## PoC\n\n```bash\n# Step 1: Register as a regular user on the phpMyFAQ frontend\n# (or use any existing non-admin authenticated session)\n\n# Step 2: As the authenticated non-admin user, delete tag with ID 1:\ncurl -X DELETE 'https://target.com/admin/api/content/tags/1' \\\n -H 'Cookie: PHPSESSID=<regular_user_session>'\n\n# Expected: 401 or 403 (user lacks FAQ_EDIT permission)\n# Actual: 200 OK with {\"success\": \"...\"}\n\n# Step 3: Enumerate and delete all tags:\nfor i in $(seq 1 100); do\n curl -s -X DELETE \"https://target.com/admin/api/content/tags/$i\" \\\n -H 'Cookie: PHPSESSID=<regular_user_session>'\ndone\n```\n\n## Impact\n\nAny authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:\n\n- **Data integrity loss:** Tags are permanently deleted from the database. 
All FAQ-to-tag associations are destroyed.\n- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.\n- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.\n\nThe impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.\n\n## Recommended Fix\n\nAdd the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`. The snippet below shows only the permission check; the CSRF token verification should be added alongside it, mirroring the check that `update()` already performs:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n $this->userHasPermission(PermissionType::FAQ_EDIT);\n\n $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n if ($this->tags->delete($tagId)) {\n return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n }\n\n return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nAt minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. 
Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.", "references": [ { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cx3-2qx2-3g6w" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "GHSA-7cx3-2qx2-3g6w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68203?format=api", "vulnerability_id": "VCID-zr1w-jzzj-a7gd", 
"summary": "phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15029", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14999", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15028", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14909", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46362" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46362", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46362" }, { "reference_url": "https://github.com/advisories/GHSA-hpgw-ww76-c68r", "reference_id": "GHSA-hpgw-ww76-c68r", "reference_type": "", "scores": 
[ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hpgw-ww76-c68r" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r", "reference_id": "GHSA-hpgw-ww76-c68r", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check", "reference_id": "phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": 
true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46362", "GHSA-hpgw-ww76-c68r" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.7" }