{"url":"http://public2.vulnerablecode.io/api/packages/28753?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.5","type":"composer","namespace":"phpmyfaq","name":"phpmyfaq","version":"3.2.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.3","latest_non_vulnerable_version":"4.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40160?format=json","vulnerability_id":"VCID-129s-b67r-uyfw","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases.  A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28107","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.68064","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.68067","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.68055","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67966","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28107"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024
-28107","reference_id":"CVE-2024-28107","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28107"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007","reference_id":"d0fae62a72615d809e6710861c1a7f67ac893007","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-26T19:30:27Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007"},{"reference_url":"https://github.com/advisories/GHSA-2grw-mc9r-822r","reference_id":"GHSA-2grw-mc9r-822r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2grw-mc9r-822r"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r","reference_id":"GHSA-2grw-mc9r-822r","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-26T19:30:27Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":
"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-28107","GHSA-2grw-mc9r-822r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerab
lecode.io/vulnerabilities/VCID-129s-b67r-uyfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68252?format=json","vulnerability_id":"VCID-1qwx-htn1-4bg8","summary":"phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46364","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2036","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92161","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92165","published_at":"2026-06-14T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92167","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46364"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46364","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/v
uln/detail/CVE-2026-46364"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92","reference_id":"b9f25109fddb38eee19987183798638d07943f92","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92"},{"reference_url":"https://github.com/advisories/GHSA-289f-fq7w-6q2w","reference_id":"GHSA-289f-fq7w-6q2w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-289f-fq7w-6q2w"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w","reference_id":"GHSA-289f-fq7w-6q2w","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","reference_id":"phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","reference_type":"","s
cores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46364","GHSA-289f-fq7w-6q2w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359183?format=json","vulnerability_id":"VCID-2na9-t3m7-wfhn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34729","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16466","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1661","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16622","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16595","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34729"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34729","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34729"},{"reference_url":"https://github.com/advisories/GHSA-cv2g-8cj8-vgc7","reference_id":"GHSA-cv2g-8cj8-vgc7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cv2g-8cj8-vgc7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373458?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"v
ulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-34729","GHSA-cv2g-8cj8-vgc7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2na9-t3m7-wfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39896?format=json","vulnerability_id":"VCID-5256-zeqq-yqas","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28105","reference_id":"","reference_type":"","scores":[{"value":"0.03088","scoring_system":"epss","scoring_elements":"0.87125","published_at":"2026-06-14T12:55:00Z"},{"value":"0.03088","scoring_system":"epss","scoring_elements":"0.87119","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03088","scoring_system":"epss","scoring_elements":"0.87073","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03088","scoring_system":"epss","scoring_elements":"0.87128","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28105"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7","reference_id":"9136883776af67dfdb0e8cf14f5e0ca2
2bf4f2e7","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-25T19:39:05Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28105","reference_id":"CVE-2024-28105","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28105"},{"reference_url":"https://github.com/advisories/GHSA-pwh2-fpfr-x5gf","reference_id":"GHSA-pwh2-fpfr-x5gf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwh2-fpfr-x5gf"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf","reference_id":"GHSA-pwh2-fpfr-x5gf","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-25T19:39:05Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-
2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-28105","GHSA-pwh2-fpfr-x5gf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5256-zeqq-yqas"},{"url":"http://public2.vulnerablecode.io/ap
i/vulnerabilities/55649?format=json","vulnerability_id":"VCID-527w-e1dv-qyhe","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27300","reference_id":"","reference_type":"","scores":[{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74351","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74353","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.7434","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00787","scoring_system":"epss","scoring_elements":"0.74266","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27300"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459","reference_id":"09336b0ff0e0a04aa0c97c5975651af4769d2459","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_element
s":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T19:29:59Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27300","reference_id":"CVE-2024-27300","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27300"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209","reference_id":"de90315c9bd4ead5fe6ba5586f6b016843aa8209","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T19:29:59Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209"},{"reference_url":"https://github.com/advisories/GHSA-q7g6-xfh2-vhpx","reference_id":"GHSA-q7g6-xfh2-vhpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q7g6-xfh2-vhpx"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx","reference_id":"GHSA-q7g6-xfh2-vhpx","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T19:29:59Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/adv
isories/GHSA-q7g6-xfh2-vhpx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://
public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-27300","GHSA-q7g6-xfh2-vhpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-527w-e1dv-qyhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83111?format=json","vulnerability_id":"VCID-57ev-2w6v-mbbs","summary":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24421","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50491","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50496","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50509","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24421"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://gitlab.com/exploit-database/explo
itdb/-/blob/main/exploits/php/webapps/52523.txt","reference_id":"CVE-2026-24421","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24421","reference_id":"CVE-2026-24421","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24421"},{"reference_url":"https://github.com/advisories/GHSA-wm8h-26fv-mg7g","reference_id":"GHSA-wm8h-26fv-mg7g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wm8h-26fv-mg7g"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g","reference_id":"GHSA-wm8h-26fv-mg7g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38148?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/932214?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"
},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24421","GHSA-wm8h-26fv-mg7g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68191?format=json","vulnerability_id":"VCID-5pw3-qxh6-6ufr","summary":"phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. 
Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46366","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23541","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23563","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46366"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46366"},{"reference_url":"https://github.com/advisories/GHSA-99qv-g4x9-mgc3","reference_id":"GHSA-99qv-g4x9-mgc3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99qv-g4x9-mgc3"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3","reference_id":"GHSA-99qv-g4x9-mgc3","reference_type":"","scores":[{"value":"7.5","scoring_
system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","reference_id":"phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46366","GHSA-99qv-g4x9-mgc3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr"},{"url":"http://public2.vulnerablecode.io/api/vulnera
bilities/102633?format=json","vulnerability_id":"VCID-5wsg-7979-dqgs","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62519","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30546","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3035","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35551","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35568","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62519"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14","reference_id":"4.0.13...4.0.14","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:
A/M:M/D:R/2025-11-17T16:59:03Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62519","reference_id":"CVE-2025-62519","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62519"},{"reference_url":"https://github.com/advisories/GHSA-fxm2-cmwj-qvx4","reference_id":"GHSA-fxm2-cmwj-qvx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxm2-cmwj-qvx4"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4","reference_id":"GHSA-fxm2-cmwj-qvx4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35277?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"
vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.14"}],"aliases":["CVE-2025-62519","GHSA-fxm2-cmwj-qvx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83252?format=json","vulnerability_id":"VCID-6jmj-n5mz-bba8","summary":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomplete permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. 
This issue has been fixed in version","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24420","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03833","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03857","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03844","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03854","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24420"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24420","reference_id":"CVE-2026-24420","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24420"},{"reference_url":"https://github.com/advisories/GHSA-7p9h-m7m8-vhhv","reference_id":"GHSA-7p9h-m7m8-vhhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7p9h-m7m8-vhhv"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv","reference_id":"GHSA-7p9h-m7m8-vhhv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_el
ements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38148?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/932214?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24420","GHSA-7p9h-m7m8-vhhv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68138?format=json","vulnerability_id":"VCID-7tpb-1avq-zfhu","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. 
Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46361","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01334","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01347","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01344","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01337","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46361"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46361","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46361"},{"reference_url":"https://github.com/advisories/GHSA-pqh6-8fxf-jx22","reference_id":"GHSA-pqh6-8fxf-jx22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pqh6-8fxf-jx22"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22","reference_id":"GHSA-pqh6-8fxf-jx22","re
ference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","reference_id":"phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46361","GHSA-pqh6-8fxf-jx22"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabiliti
es/69892?format=json","vulnerability_id":"VCID-8k51-budg-h3ak","summary":"phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45007","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01073","published_at":"2026-06-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01082","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0108","published_at":"2026-06-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01076","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45007"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45007","reference_id":"CVE-2026-45007","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45007"},{"reference_url":"https://github.com/advisories/GHSA-rm98-82fr-mcfx","reference_id":"GHSA-rm98-82fr-mcfx","reference_type":"","scores":[{"value":"MODER
ATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm98-82fr-mcfx"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx","reference_id":"GHSA-rm98-82fr-mcfx","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","reference_id":"phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_ur
l":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45007","GHSA-rm98-82fr-mcfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74950?format=json","vulnerability_id":"VCID-a9tb-yj7x-pya1","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_CHARS filter only encodes HTML special characters (&, ', \", <, >) and characters with ASCII value < 32, and does not prevent directory traversal sequences like ../. Additionally, the endpoint does not validate CSRF tokens, making it exploitable via CSRF attacks. 
This issue has been patched in version 4.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34728","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25709","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25694","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25492","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2569","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34728"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34728","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34728"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1","reference_id":"4.1.1","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T15:23:57Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1"},{"reference_url":"https://github.com/advisories/GHSA-38m8-xrfj-v38x","reference_id":"GHSA-38m8-xrfj-v38x","reference_type":"
","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38m8-xrfj-v38x"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-38m8-xrfj-v38x","reference_id":"GHSA-38m8-xrfj-v38x","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T15:23:57Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-38m8-xrfj-v38x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373458?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-34728","GHSA-38m8-xrfj-v38x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9tb-yj7x-pya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48028?format=json","vulnerability_id":"VCID-cq9g-8pv2-bfcm","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and 
other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29179","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57185","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.5731","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57318","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57303","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29179"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29179","reference_id":"CVE-2024-29179","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29179"},{"reference_url":"https://github.com/advisories/GHSA-hm8r-95g3-5hj9","reference_id":"GHSA-hm8r-95g3-5hj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm8r-95g3-5hj9"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9","reference_id":"GHSA-hm8r-95g3-5hj9","reference_type":"","scores":[{"value":"4.3","scoring_
system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:47:56Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCI
D-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-29179","GHSA-hm8r-95g3-5hj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cq9g-8pv2-bfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68143?format=json","vulnerability_id":"VCID-ecpv-3xqn-eqf8","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. 
Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46360","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08945","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08949","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46360"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46360","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46360"},{"reference_url":"https://github.com/advisories/GHSA-whqh-9pq5-c7r3","reference_id":"GHSA-whqh-9pq5-c7r3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whqh-9pq5-c7r3"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3","reference_id":"GHSA-whqh
-9pq5-c7r3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","reference_id":"phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46360","GHSA-whqh-9pq5-c7r3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8"},{"url":"http://p
ublic2.vulnerablecode.io/api/vulnerabilities/83223?format=json","vulnerability_id":"VCID-p68j-sbvd-yuh4","summary":"phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24422","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06222","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06194","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06211","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24422"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24422","reference_id":"CVE-2026-24422","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"v
alue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24422"},{"reference_url":"https://github.com/advisories/GHSA-j4rc-96xj-gvqc","reference_id":"GHSA-j4rc-96xj-gvqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4rc-96xj-gvqc"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc","reference_id":"GHSA-j4rc-96xj-gvqc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38148?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/932214?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"
VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24422","GHSA-j4rc-96xj-gvqc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56033?format=json","vulnerability_id":"VCID-q524-u3fc-2uac","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. 
This vulnerability is fixed in 3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27299","reference_id":"","reference_type":"","scores":[{"value":"0.02881","scoring_system":"epss","scoring_elements":"0.86608","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02881","scoring_system":"epss","scoring_elements":"0.86665","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02881","scoring_system":"epss","scoring_elements":"0.86668","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02881","scoring_system":"epss","scoring_elements":"0.86658","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27299"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011","reference_id":"1b68a5f89fb65996c56285fa636b818de8608011","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:29:00Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011"},{"reference_url":"https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing","reference_id":"1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"T
rack","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:29:00Z/"}],"url":"https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27299","reference_id":"CVE-2024-27299","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27299"},{"reference_url":"https://github.com/advisories/GHSA-qgxx-4xv5-6hcw","reference_id":"GHSA-qgxx-4xv5-6hcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgxx-4xv5-6hcw"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw","reference_id":"GHSA-qgxx-4xv5-6hcw","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:29:00Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9
tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-27299","GHSA-qgxx-4xv5-6hcw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q524-u3fc-2uac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359156?format=json","vulnerability_id":"VCID-qhsm-g24v-k7gj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32629","reference_id":"","reference_type":"","scores":[{"value":"
0.00197","scoring_system":"epss","scoring_elements":"0.41566","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41732","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41751","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4174","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32629"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32629","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32629"},{"reference_url":"https://github.com/advisories/GHSA-98gw-w575-h2ph","reference_id":"GHSA-98gw-w575-h2ph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories
/GHSA-98gw-w575-h2ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373458?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-32629","GHSA-98gw-w575-h2ph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39874?format=json","vulnerability_id":"VCID-qtya-dhhw-uqa9","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. 
_Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28108","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65678","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65685","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65689","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6558","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28108"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634","reference_id":"4fed1d9602f0635260f789fe85995789d94d6634","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T18:41:12Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28108","reference_id":"CVE-2024-28108","reference_type":"","scores":[{"value":"5.1","sco
ring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28108"},{"reference_url":"https://github.com/advisories/GHSA-48vw-jpf8-hwqh","reference_id":"GHSA-48vw-jpf8-hwqh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48vw-jpf8-hwqh"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh","reference_id":"GHSA-48vw-jpf8-hwqh","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T18:41:12Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerabi
lity":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-28108","GHSA-48vw-jpf8-hwqh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtya-dhhw-uqa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69871?format=json","vulnerability_id":"VCID-rrz3-kbbd-eyhq","summary":"phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. 
Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45010","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41229","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4124","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41249","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41063","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45010"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45010","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45010"},{"reference_url":"https://github.com/advisories/GHSA-9pq7-mfwh-xx2j","reference_id":"GHSA-9pq7-mfwh-xx2j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9pq7-mfwh-xx2j"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j","reference_id":"GHSA-9pq7-mfwh-xx2j","reference_type":"","scores":[{"value":"9.1","scori
ng_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","reference_id":"phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45010","GHSA-9pq7-mfwh-xx2j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq"},{"url":"http://public2.vulnerablecode.io/
api/vulnerabilities/68194?format=json","vulnerability_id":"VCID-tpbv-urbk-h7gf","summary":"phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46359","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10145","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10135","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1015","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10098","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46359"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46359"},{"reference_url":"https://github.com/advisories/GHSA-pm8c-3qq3-72w7","reference_id":"GHSA-pm8c-3qq3-72w7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":
"https://github.com/advisories/GHSA-pm8c-3qq3-72w7"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7","reference_id":"GHSA-pm8c-3qq3-72w7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","reference_id":"phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46359","GHS
A-pm8c-3qq3-72w7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69890?format=json","vulnerability_id":"VCID-txxg-bugj-6bd4","summary":"phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45008","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15496","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15471","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15503","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45008"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45008","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45008"},{"re
ference_url":"https://github.com/advisories/GHSA-gh9p-q46p-57g2","reference_id":"GHSA-gh9p-q46p-57g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh9p-q46p-57g2"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2","reference_id":"GHSA-gh9p-q46p-57g2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","reference_id":"phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabi
lities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45008","GHSA-gh9p-q46p-57g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68157?format=json","vulnerability_id":"VCID-vjqh-59nn-5ude","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46363","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08945","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08949","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46363"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46363","reference_id":"","reference_type":"","scores":[{"value":"5.4",
"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46363"},{"reference_url":"https://github.com/advisories/GHSA-f5p7-2c9q-8896","reference_id":"GHSA-f5p7-2c9q-8896","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f5p7-2c9q-8896"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896","reference_id":"GHSA-f5p7-2c9q-8896","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","reference_id":"phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-i
n-faq-question-answer-via-encode-decode-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46363","GHSA-f5p7-2c9q-8896"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39675?format=json","vulnerability_id":"VCID-wgqs-pf23-dkdb","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 
3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28106","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36473","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36485","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3646","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36279","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28106"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a","reference_id":"c94b3deadd87789389e1fad162bc3dd595c0e15a","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T00:06:05Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28106","reference_id":"CVE-2024-28106","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28106"},{"reference_url":"https://github.com/advi
sories/GHSA-6p68-36m6-392r","reference_id":"GHSA-6p68-36m6-392r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6p68-36m6-392r"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r","reference_id":"GHSA-6p68-36m6-392r","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T00:06:05Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_v
ulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-28106","GHSA-6p68-36m6-392r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgqs-pf23-dkdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360347?format=json","vulnerability_id":"VCID-yckn-74u4-pkaw","summary":"phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n## Summary\n\nThe `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. 
This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.\n\n## Details\n\nIn `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n    $this->userIsAuthenticated();  // Only checks isLoggedIn() — no permission check\n\n    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n    if ($this->tags->delete($tagId)) {\n        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n    }\n\n    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nCompare with `update()` (line 48-71) which properly enforces authorization:\n\n```php\npublic function update(Request $request): JsonResponse\n{\n    $this->userHasPermission(PermissionType::FAQ_EDIT);  // Proper permission check\n    // ... also verifies CSRF token ...\n}\n```\n\nThe `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:\n\n```php\nprotected function userIsAuthenticated(): void\n{\n    if (!$this->currentUser->isLoggedIn()) {\n        throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');\n    }\n}\n```\n\nThere is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. 
The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.\n\nAdditionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.\n\n## PoC\n\n```bash\n# Step 1: Register as a regular user on the phpMyFAQ frontend\n# (or use any existing non-admin authenticated session)\n\n# Step 2: As the authenticated non-admin user, delete tag with ID 1:\ncurl -X DELETE 'https://target.com/admin/api/content/tags/1' \\\n  -H 'Cookie: PHPSESSID=<regular_user_session>'\n\n# Expected: 401 or 403 (user lacks FAQ_EDIT permission)\n# Actual: 200 OK with {\"success\": \"...\"}\n\n# Step 3: Enumerate and delete all tags:\nfor i in $(seq 1 100); do\n  curl -s -X DELETE \"https://target.com/admin/api/content/tags/$i\" \\\n    -H 'Cookie: PHPSESSID=<regular_user_session>'\ndone\n```\n\n## Impact\n\nAny authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:\n\n- **Data integrity loss:** Tags are permanently deleted from the database. 
All FAQ-to-tag associations are destroyed.\n- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.\n- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.\n\nThe impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.\n\n## Recommended Fix\n\nAdd the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n    $this->userHasPermission(PermissionType::FAQ_EDIT);\n\n    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n    if ($this->tags->delete($tagId)) {\n        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n    }\n\n    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nAt minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. 
Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.","references":[{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/advisories/GHSA-7cx3-2qx2-3g6w","reference_id":"GHSA-7cx3-2qx2-3g6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cx3-2qx2-3g6w"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w","reference_id":"GHSA-7cx3-2qx2-3g6w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["GHSA-7cx3-2qx2-3g6w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48438?format=json","vulnerability_id":"VCID-yjdz-bsf2-xbfz","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. 
There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29196","reference_id":"","reference_type":"","scores":[{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70873","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70863","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70772","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70875","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29196"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62","reference_id":"7ae2559f079cd5fc9948b6fdfb87581f93840f62","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-05T16:25:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29196","reference_id":"CVE-2024-29196","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"
value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29196"},{"reference_url":"https://github.com/advisories/GHSA-mmh6-5cpf-2c72","reference_id":"GHSA-mmh6-5cpf-2c72","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmh6-5cpf-2c72"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72","reference_id":"GHSA-mmh6-5cpf-2c72","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-05T16:25:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29998?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ph
pmyfaq/phpmyfaq@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/705677?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha"}],"aliases":["CVE-2024-29196","GHSA-mmh6-5cpf-2c72"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjdz-bsf2-xbfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68203?format=json","vulnerability_id":"VCID-zr1w-jzzj-a7gd","summary":"phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. 
Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46362","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15029","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14999","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15028","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14909","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46362"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46362","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46362"},{"reference_url":"https://github.com/advisories/GHSA-hpgw-ww76-c68r","reference_id":"GHSA-hpgw-ww76-c68r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpgw-ww76-c68r"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r","reference_id":"GHSA-hpgw-ww76-c68r","reference_type":"","scores":[{"value":"6.5","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","reference_id":"phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41355?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46362","GHSA-hpgw-ww76-c68r"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/v
ulnerabilities/62082?format=json","vulnerability_id":"VCID-3akv-usbd-53bt","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22202","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52452","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52458","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52329","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5247","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22202"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://www.phpmyfaq.de/security/advisory-2024-02-05","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_
elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyfaq.de/security/advisory-2024-02-05"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d","reference_id":"1348dcecdaec5a5714ad567c16429432417b534d","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:44:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22202","reference_id":"CVE-2024-22202","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22202"},{"reference_url":"https://github.com/advisories/GHSA-6648-6g96-mg35","reference_id":"GHSA-6648-6g96-mg35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6648-6g96-mg35"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35","reference_id":"GHSA-6648-6g96-mg35","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:44:13Z/"}],"url":"https://
github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28753?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-129s-b67r-uyfw"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-5256-zeqq-yqas"},{"vulnerability":"VCID-527w-e1dv-qyhe"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-cq9g-8pv2-bfcm"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q524-u3fc-2uac"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qtya-dhhw-uqa9"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wgqs-pf23-dkdb"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yjdz-bsf2-xbfz"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5"}],"aliases":["CVE-2024-22202","GHSA-6648-6g96-mg35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3akv-usbd-53bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62448?format=json","vulnerability_id":"VCID-s9hv-md3j-17hr","summary":"phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. 
The phpMyFAQ application has a functionality where anyone can share a FAQ item with others. The front-end of this functionality allows any phpMyFAQ article to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, but the number of recipients in a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputational damage. This issue has been patched in version 3.2.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22208","reference_id":"","reference_type":"","scores":[{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.79262","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.79253","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.79189","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.79267","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22208"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://www.phpmyfaq.de/security/advisory-2024-02-05","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url
":"https://www.phpmyfaq.de/security/advisory-2024-02-05"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e","reference_id":"a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:36:54Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22208","reference_id":"CVE-2024-22208","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22208"},{"reference_url":"https://github.com/advisories/GHSA-9hhf-xmcw-r3xg","reference_id":"GHSA-9hhf-xmcw-r3xg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9hhf-xmcw-r3xg"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg","reference_id":"GHSA-9hhf-xmcw-r3xg","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:36:54Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packag
es/28753?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-129s-b67r-uyfw"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-5256-zeqq-yqas"},{"vulnerability":"VCID-527w-e1dv-qyhe"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-cq9g-8pv2-bfcm"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q524-u3fc-2uac"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qtya-dhhw-uqa9"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wgqs-pf23-dkdb"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yjdz-bsf2-xbfz"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5"}],"aliases":["CVE-2024-22208","GHSA-9hhf-xmcw-r3xg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9hv-md3j-17hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61654?format=json","vulnerability_id":"VCID-ujpq-qjkp-fygk","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php allows execution of JavaScript code on the client side (XSS). 
This vulnerability has been patched in version 3.2.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24574","reference_id":"","reference_type":"","scores":[{"value":"0.03118","scoring_system":"epss","scoring_elements":"0.87179","published_at":"2026-06-13T12:55:00Z"},{"value":"0.03118","scoring_system":"epss","scoring_elements":"0.87176","published_at":"2026-06-14T12:55:00Z"},{"value":"0.03118","scoring_system":"epss","scoring_elements":"0.87127","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03118","scoring_system":"epss","scoring_elements":"0.87172","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24574"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://www.phpmyfaq.de/security/advisory-2024-02-05","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyfaq.de/security/advisory-2024-02-05"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/pull/2827","reference_id":"2827","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T16:38:54Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/pull/2827"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5","refe
rence_id":"5479b4a4603cce71aa7eb4437f1c201153a1f1f5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T16:38:54Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24574","reference_id":"CVE-2024-24574","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24574"},{"reference_url":"https://github.com/advisories/GHSA-7m8g-fprr-47fx","reference_id":"GHSA-7m8g-fprr-47fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m8g-fprr-47fx"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx","reference_id":"GHSA-7m8g-fprr-47fx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T16:38:54Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28753?format=json","purl":"pkg:composer/phpmyfaq/phpmyfaq@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-129s-b67r-uyfw"},{"vulne
rability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2na9-t3m7-wfhn"},{"vulnerability":"VCID-5256-zeqq-yqas"},{"vulnerability":"VCID-527w-e1dv-qyhe"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-a9tb-yj7x-pya1"},{"vulnerability":"VCID-cq9g-8pv2-bfcm"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q524-u3fc-2uac"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qtya-dhhw-uqa9"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wgqs-pf23-dkdb"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yjdz-bsf2-xbfz"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5"}],"aliases":["CVE-2024-24574","GHSA-7m8g-fprr-47fx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujpq-qjkp-fygk"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5"}