| purl | pkg:composer/thorsten/phpmyfaq@3.1.10 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-15bx-wfer-qygk Aliases: CVE-2023-2429 GHSA-r69v-q48g-3966 | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | Affected by 23 other vulnerabilities. |
| VCID-15yp-h3fj-pbb1 Aliases: CVE-2023-2427 GHSA-5xq3-7mw9-wj5p | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | Affected by 23 other vulnerabilities. |
| VCID-1kny-sn17-gbdz Aliases: CVE-2023-5320 GHSA-pp4w-g5p4-85p2 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | Affected by 9 other vulnerabilities. |
| VCID-1q6p-7t7t-87e5 Aliases: CVE-2023-5317 GHSA-5jwv-m8h3-69cg | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | Affected by 9 other vulnerabilities. |
| VCID-1rpy-1jkw-w3fx Aliases: CVE-2023-0880 GHSA-f9c6-4j9h-6c5r | Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-2bb7-xtyn-dbcq Aliases: CVE-2023-5864 GHSA-g5hp-328h-jj98 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | Affected by 8 other vulnerabilities. Affected by 4 other vulnerabilities. |
| VCID-2bsv-7dt5-6qcu Aliases: CVE-2024-55889 GHSA-m3r7-8gw7-qwvc | phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an `<iframe>` element without user interaction or explicit consent. Version 3.2.10 fixes the issue. | Affected by 4 other vulnerabilities. |
| VCID-2wd2-u5mg-suh4 Aliases: CVE-2023-5867 GHSA-prrv-r843-4p75 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | Affected by 4 other vulnerabilities. |
| VCID-4ej8-n833-fuf4 Aliases: CVE-2023-1756 GHSA-8p48-ghv5-7qq7 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-5wsg-7979-dqgs Aliases: CVE-2025-62519 GHSA-fxm2-cmwj-qvx4 | phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14. | Affected by 2 other vulnerabilities. |
| VCID-6w5z-nvj8-wke8 Aliases: CVE-2023-5865 GHSA-f728-prhw-2g68 | Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | Affected by 4 other vulnerabilities. |
| VCID-8fkr-xfw6-ffcj Aliases: CVE-2023-1759 GHSA-4wfc-ghv5-2v7j | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-8tff-qn8m-r3hc Aliases: CVE-2023-1875 GHSA-ch5w-2994-6h82 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-8vqk-5ha5-4bae Aliases: CVE-2023-2753 GHSA-vppq-6ff8-2m8w | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. | Affected by 10 other vulnerabilities. |
| VCID-ajev-ydxv-nbd5 Aliases: CVE-2023-1879 GHSA-m9qm-m5w5-9pgj | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-aku3-vveb-gugg Aliases: CVE-2023-1886 GHSA-4cr4-x82x-hwm9 | Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-ax4d-t793-8bas Aliases: CVE-2023-0786 GHSA-jfpg-jggf-rpph | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-b214-zgc8-4qdh Aliases: CVE-2023-1882 GHSA-jph3-3j24-pg3j | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-b4yy-mtkz-hybq Aliases: CVE-2023-1878 GHSA-gcmq-7652-x98j | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-b64e-gffa-5kg7 Aliases: CVE-2024-54141 GHSA-vrjr-p3xp-xx2x | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0. | Affected by 3 other vulnerabilities. |
| VCID-bfsb-58cj-mfaa Aliases: CVE-2023-1758 GHSA-3j93-7rf7-p7m6 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-c229-su7g-v3dg Aliases: CVE-2023-2550 GHSA-5mf7-p346-7rm8 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | Affected by 23 other vulnerabilities. |
| VCID-cjzd-5q9t-nfek Aliases: CVE-2023-1760 GHSA-7q9c-f2v8-j8gw | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-cnr9-cykp-bbaw Aliases: CVE-2023-53929 GHSA-x2v3-9p22-w3x6 | phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc\|a!z\|' to trigger code execution when an administrator exports user data as a CSV file. | Affected by 23 other vulnerabilities. |
| VCID-e4ep-gxfy-jbah Aliases: CVE-2023-5866 GHSA-34w4-wrqp-j47g | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | Affected by 8 other vulnerabilities. |
| VCID-e6u1-1y99-5khx Aliases: CVE-2023-0789 GHSA-6vp5-vv9p-7q62 | Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-gj1u-m1qq-1qb1 Aliases: CVE-2023-1885 GHSA-xxm6-ff3x-v4vm | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-gnxm-rq5g-g3d9 Aliases: CVE-2023-1887 GHSA-gx43-fqrx-6fcw | Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-gvt4-1vk8-8fbx Aliases: CVE-2023-1883 GHSA-2wjp-w7g7-h63q | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-h2wj-7wb2-x3hz Aliases: CVE-2023-3469 GHSA-v6g2-jwrm-h5r5 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. | Affected by 9 other vulnerabilities. |
| VCID-hygm-7h9w-x7cs Aliases: CVE-2023-1762 GHSA-xww4-w6ff-5q3g | Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-jq9j-su28-xken Aliases: CVE-2023-0791 GHSA-c38p-vw6j-qjpr | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-kfmg-41jk-qfh6 Aliases: CVE-2023-1755 GHSA-hp8m-g55r-9cfq | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-kppj-ng9a-9fhs Aliases: CVE-2023-6889 GHSA-w8xj-992g-842f | | Affected by 14 other vulnerabilities. |
| VCID-naqh-qumg-37gh Aliases: CVE-2023-2428 GHSA-8595-6653-96p2 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | Affected by 23 other vulnerabilities. |
| VCID-pb65-wunz-tye6 Aliases: CVE-2023-2999 GHSA-94r7-63g8-c4jw | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. | Affected by 19 other vulnerabilities. |
| VCID-qb4k-vsfg-wycb Aliases: CVE-2023-0788 GHSA-r6cw-356h-mvwg | Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-qpnp-kehq-f7gm Aliases: CVE-2023-1884 GHSA-gmjj-g2rm-xwm7 | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-qrn1-cpad-puht Aliases: CVE-2023-0790 GHSA-6vv4-qq3r-9rv8 | Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-r24s-k7p3-f7e4 Aliases: CVE-2023-0792 GHSA-wjrj-jc3w-ppfw | Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-rp5d-6b4k-33g5 Aliases: CVE-2023-4006 GHSA-2xvx-368h-qcmv | | Affected by 16 other vulnerabilities. |
| VCID-rrh1-efbq-tugt Aliases: CVE-2023-1880 GHSA-m8q9-7v2f-qjx9 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-spjh-4tvh-gyca Aliases: CVE-2023-1754 GHSA-gvg8-r8w2-9gfj | Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-tq9d-mguz-8bhp Aliases: CVE-2023-1753 GHSA-4p4m-5qp7-479x | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-ty89-v3b2-7yf7 Aliases: CVE-2023-0793 GHSA-fxrq-xhj9-rf5j | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-u37t-naar-pbav Aliases: CVE-2025-69200 GHSA-9cg9-4h4f-j6fg | phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue. | Affected by 3 other vulnerabilities. |
| VCID-uerm-mjrz-vyg4 Aliases: CVE-2023-5227 GHSA-qcjg-hvg6-hxcp | Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | Affected by 9 other vulnerabilities. |
| VCID-ufhy-fdmw-hkdv Aliases: CVE-2023-5319 GHSA-j5ww-5xf4-hqm2 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | Affected by 9 other vulnerabilities. |
| VCID-wcpf-w4c4-ubba Aliases: CVE-2023-2752 GHSA-j657-pjgc-c4h6 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. | Affected by 10 other vulnerabilities. |
| VCID-x1gz-3d4a-1qdy Aliases: CVE-2023-4007 GHSA-q9vm-29ph-p7mp | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | Affected by 16 other vulnerabilities. |
| VCID-xt5z-y1n5-37fn Aliases: CVE-2023-5863 GHSA-j4vj-w5rj-8grw | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | Affected by 4 other vulnerabilities. |
| VCID-yh2p-b5px-b7hz Aliases: CVE-2023-1757 GHSA-jvjx-qqh7-6x6c | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | Affected by 28 other vulnerabilities. |
| VCID-yn5s-m3hv-7be8 Aliases: CVE-2023-2998 GHSA-974q-4vvr-vg9c | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. | Affected by 19 other vulnerabilities. |
| VCID-z4qa-mnne-pyay Aliases: CVE-2023-6890 GHSA-4h37-q5j3-hw96 | | Affected by 14 other vulnerabilities. |
| VCID-z8kb-6u51-8bd9 Aliases: CVE-2023-5316 GHSA-58v7-58c2-qwm9 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | Affected by 9 other vulnerabilities. |
| VCID-zaaf-n1z8-v7b3 Aliases: CVE-2023-0794 GHSA-gf34-hh5r-f74h | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |
| VCID-zwsu-pwxb-u3h5 Aliases: CVE-2023-0787 GHSA-gxxj-x426-xj2w | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | Affected by 47 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8hxw-rvte-33a1 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0314 GHSA-m9xr-8cx7-53pj |
| VCID-btr7-sehp-zbac | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0312 GHSA-6449-vf6p-9hfp |
| VCID-dc77-t7y6-z3ab | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0309 GHSA-25c3-7fvj-v45j |
| VCID-fnfe-xws9-8bgg | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0310 GHSA-9jff-8xmm-mw22 |
| VCID-gsjf-hmab-ruew | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0308 GHSA-w475-749h-c77m |
| VCID-m9y5-g412-zbeh | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0307 GHSA-4p88-cfhq-f3vg |
| VCID-mt7j-r561-tubz | Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0311 GHSA-g92r-9rxw-cmgx |
| VCID-v4hc-w2g2-63f5 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0306 GHSA-96x6-jf5w-84c5 |
| VCID-x4fs-3h7u-4bbe | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVE-2023-0313 GHSA-x2h8-4mhh-5hwh |