Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/thorsten/phpmyfaq@2.8.11
Typecomposer
Namespacethorsten
Namephpmyfaq
Version2.8.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.3
Latest_non_vulnerable_version4.1.3
Affected_by_vulnerabilities
0
url VCID-15bx-wfer-qygk
vulnerability_id VCID-15bx-wfer-qygk
summary Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2429
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.67132
published_at 2026-06-12T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.6704
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2429
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2429
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2429
4
reference_url https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
reference_id 07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/
url https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
5
reference_url https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
reference_id 20d3a0b3-2693-4bf1-b196-10741201a540
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/
url https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
6
reference_url https://github.com/advisories/GHSA-r69v-q48g-3966
reference_id GHSA-r69v-q48g-3966
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r69v-q48g-3966
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.13
purl pkg:composer/thorsten/phpmyfaq@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-8vqk-5ha5-4bae
14
vulnerability VCID-9mx6-54u5-fugf
15
vulnerability VCID-b64e-gffa-5kg7
16
vulnerability VCID-e4ep-gxfy-jbah
17
vulnerability VCID-ecpv-3xqn-eqf8
18
vulnerability VCID-emzq-e5ru-w3cx
19
vulnerability VCID-h2wj-7wb2-x3hz
20
vulnerability VCID-kppj-ng9a-9fhs
21
vulnerability VCID-p68j-sbvd-yuh4
22
vulnerability VCID-pb65-wunz-tye6
23
vulnerability VCID-q6zp-tnjb-pye3
24
vulnerability VCID-qhsm-g24v-k7gj
25
vulnerability VCID-rp5d-6b4k-33g5
26
vulnerability VCID-rrz3-kbbd-eyhq
27
vulnerability VCID-tpbv-urbk-h7gf
28
vulnerability VCID-txxg-bugj-6bd4
29
vulnerability VCID-u37t-naar-pbav
30
vulnerability VCID-uerm-mjrz-vyg4
31
vulnerability VCID-ufhy-fdmw-hkdv
32
vulnerability VCID-vjqh-59nn-5ude
33
vulnerability VCID-wcpf-w4c4-ubba
34
vulnerability VCID-x1gz-3d4a-1qdy
35
vulnerability VCID-xt5z-y1n5-37fn
36
vulnerability VCID-yckn-74u4-pkaw
37
vulnerability VCID-yn5s-m3hv-7be8
38
vulnerability VCID-z4qa-mnne-pyay
39
vulnerability VCID-z8kb-6u51-8bd9
40
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13
aliases CVE-2023-2429, GHSA-r69v-q48g-3966
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15bx-wfer-qygk
1
url VCID-15yp-h3fj-pbb1
vulnerability_id VCID-15yp-h3fj-pbb1
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2427
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47997
published_at 2026-06-12T12:55:00Z
1
value 0.00243
scoring_system epss
scoring_elements 0.47856
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2427
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2427
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2427
3
reference_url https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b
reference_id 514f4df2ad918e69575028d58b2e33aaf536e59b
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:53:09Z/
url https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b
4
reference_url https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d
reference_id 89005a6d-d019-4cb7-ae88-486d2d44190d
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:53:09Z/
url https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d
5
reference_url https://github.com/advisories/GHSA-5xq3-7mw9-wj5p
reference_id GHSA-5xq3-7mw9-wj5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5xq3-7mw9-wj5p
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.13
purl pkg:composer/thorsten/phpmyfaq@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-8vqk-5ha5-4bae
14
vulnerability VCID-9mx6-54u5-fugf
15
vulnerability VCID-b64e-gffa-5kg7
16
vulnerability VCID-e4ep-gxfy-jbah
17
vulnerability VCID-ecpv-3xqn-eqf8
18
vulnerability VCID-emzq-e5ru-w3cx
19
vulnerability VCID-h2wj-7wb2-x3hz
20
vulnerability VCID-kppj-ng9a-9fhs
21
vulnerability VCID-p68j-sbvd-yuh4
22
vulnerability VCID-pb65-wunz-tye6
23
vulnerability VCID-q6zp-tnjb-pye3
24
vulnerability VCID-qhsm-g24v-k7gj
25
vulnerability VCID-rp5d-6b4k-33g5
26
vulnerability VCID-rrz3-kbbd-eyhq
27
vulnerability VCID-tpbv-urbk-h7gf
28
vulnerability VCID-txxg-bugj-6bd4
29
vulnerability VCID-u37t-naar-pbav
30
vulnerability VCID-uerm-mjrz-vyg4
31
vulnerability VCID-ufhy-fdmw-hkdv
32
vulnerability VCID-vjqh-59nn-5ude
33
vulnerability VCID-wcpf-w4c4-ubba
34
vulnerability VCID-x1gz-3d4a-1qdy
35
vulnerability VCID-xt5z-y1n5-37fn
36
vulnerability VCID-yckn-74u4-pkaw
37
vulnerability VCID-yn5s-m3hv-7be8
38
vulnerability VCID-z4qa-mnne-pyay
39
vulnerability VCID-z8kb-6u51-8bd9
40
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13
aliases CVE-2023-2427, GHSA-5xq3-7mw9-wj5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15yp-h3fj-pbb1
2
url VCID-1kny-sn17-gbdz
vulnerability_id VCID-1kny-sn17-gbdz
summary Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5320
reference_id
reference_type
scores
0
value 0.00544
scoring_system epss
scoring_elements 0.68283
published_at 2026-06-12T12:55:00Z
1
value 0.00544
scoring_system epss
scoring_elements 0.68194
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5320
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5320
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5320
3
reference_url https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67
reference_id 3a2bc18b-5932-4fb5-a01e-24b2b0443b67
reference_type
scores
0
value 9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:16:32Z/
url https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67
4
reference_url https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346
reference_id e92369543959772adcdab4f36c837faa27490346
reference_type
scores
0
value 9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:16:32Z/
url https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346
5
reference_url https://github.com/advisories/GHSA-pp4w-g5p4-85p2
reference_id GHSA-pp4w-g5p4-85p2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp4w-g5p4-85p2
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.18
purl pkg:composer/thorsten/phpmyfaq@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-p68j-sbvd-yuh4
17
vulnerability VCID-q6zp-tnjb-pye3
18
vulnerability VCID-qhsm-g24v-k7gj
19
vulnerability VCID-rrz3-kbbd-eyhq
20
vulnerability VCID-tpbv-urbk-h7gf
21
vulnerability VCID-txxg-bugj-6bd4
22
vulnerability VCID-u37t-naar-pbav
23
vulnerability VCID-vjqh-59nn-5ude
24
vulnerability VCID-xt5z-y1n5-37fn
25
vulnerability VCID-yckn-74u4-pkaw
26
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18
aliases CVE-2023-5320, GHSA-pp4w-g5p4-85p2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kny-sn17-gbdz
3
url VCID-1q6p-7t7t-87e5
vulnerability_id VCID-1q6p-7t7t-87e5
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5317
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.2054
published_at 2026-06-12T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.20364
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5317
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5317
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5317
3
reference_url https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54
reference_id 5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:14Z/
url https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54
4
reference_url https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83
reference_id ec551bdf1566ede1e55f289888c446f877ad9a83
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:14Z/
url https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83
5
reference_url https://github.com/advisories/GHSA-5jwv-m8h3-69cg
reference_id GHSA-5jwv-m8h3-69cg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jwv-m8h3-69cg
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.18
purl pkg:composer/thorsten/phpmyfaq@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-p68j-sbvd-yuh4
17
vulnerability VCID-q6zp-tnjb-pye3
18
vulnerability VCID-qhsm-g24v-k7gj
19
vulnerability VCID-rrz3-kbbd-eyhq
20
vulnerability VCID-tpbv-urbk-h7gf
21
vulnerability VCID-txxg-bugj-6bd4
22
vulnerability VCID-u37t-naar-pbav
23
vulnerability VCID-vjqh-59nn-5ude
24
vulnerability VCID-xt5z-y1n5-37fn
25
vulnerability VCID-yckn-74u4-pkaw
26
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18
aliases CVE-2023-5317, GHSA-5jwv-m8h3-69cg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1q6p-7t7t-87e5
4
url VCID-1qwx-htn1-4bg8
vulnerability_id VCID-1qwx-htn1-4bg8
summary phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46364
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.2036
published_at 2026-06-11T12:55:00Z
1
value 0.07758
scoring_system epss
scoring_elements 0.92161
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46364
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46364
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46364
3
reference_url https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92
reference_id b9f25109fddb38eee19987183798638d07943f92
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/
url https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92
4
reference_url https://github.com/advisories/GHSA-289f-fq7w-6q2w
reference_id GHSA-289f-fq7w-6q2w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-289f-fq7w-6q2w
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w
reference_id GHSA-289f-fq7w-6q2w
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w
6
reference_url https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha
reference_id phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/
url https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46364, GHSA-289f-fq7w-6q2w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8
5
url VCID-1rpy-1jkw-w3fx
vulnerability_id VCID-1rpy-1jkw-w3fx
summary Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0880
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59743
published_at 2026-06-11T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59851
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0880
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0880
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0880
3
reference_url https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c
reference_id 14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T15:56:55Z/
url https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c
4
reference_url https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa
reference_id a67dca41576834a1ddfee61b9e799b686b75d4fa
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T15:56:55Z/
url https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa
5
reference_url https://github.com/advisories/GHSA-f9c6-4j9h-6c5r
reference_id GHSA-f9c6-4j9h-6c5r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9c6-4j9h-6c5r
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0880, GHSA-f9c6-4j9h-6c5r
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rpy-1jkw-w3fx
6
url VCID-1v6k-n15u-1bcm
vulnerability_id VCID-1v6k-n15u-1bcm
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3608
reference_id
reference_type
scores
0
value 0.00509
scoring_system epss
scoring_elements 0.66892
published_at 2026-06-12T12:55:00Z
1
value 0.00509
scoring_system epss
scoring_elements 0.668
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3608
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677
reference_id 37123edd50f854bd141e6fbe65221af2d5cf2677
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/
url https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677
3
reference_url https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850
reference_id 8f0f3635-9d81-4c55-9826-2ba955c3a850
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/
url https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3608
reference_id CVE-2022-3608
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3608
5
reference_url https://github.com/advisories/GHSA-6rj8-9cm9-6gff
reference_id GHSA-6rj8-9cm9-6gff
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6rj8-9cm9-6gff
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.0-alpha
purl pkg:composer/thorsten/phpmyfaq@3.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-8vqk-5ha5-4bae
12
vulnerability VCID-9mx6-54u5-fugf
13
vulnerability VCID-b64e-gffa-5kg7
14
vulnerability VCID-e4ep-gxfy-jbah
15
vulnerability VCID-ecpv-3xqn-eqf8
16
vulnerability VCID-emzq-e5ru-w3cx
17
vulnerability VCID-h2wj-7wb2-x3hz
18
vulnerability VCID-p68j-sbvd-yuh4
19
vulnerability VCID-q6zp-tnjb-pye3
20
vulnerability VCID-qhsm-g24v-k7gj
21
vulnerability VCID-rrz3-kbbd-eyhq
22
vulnerability VCID-tpbv-urbk-h7gf
23
vulnerability VCID-txxg-bugj-6bd4
24
vulnerability VCID-u37t-naar-pbav
25
vulnerability VCID-vjqh-59nn-5ude
26
vulnerability VCID-wcpf-w4c4-ubba
27
vulnerability VCID-xt5z-y1n5-37fn
28
vulnerability VCID-yckn-74u4-pkaw
29
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-alpha
aliases CVE-2022-3608, GHSA-6rj8-9cm9-6gff
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1v6k-n15u-1bcm
7
url VCID-2bb7-xtyn-dbcq
vulnerability_id VCID-2bb7-xtyn-dbcq
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5864
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25787
published_at 2026-06-12T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.25589
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5864
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5864
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5864
3
reference_url https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa
reference_id b3e5a053b59dcc072d76a55d6ce0311ea30174fa
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:54:56Z/
url https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa
4
reference_url https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad
reference_id e4b0e8f4-5e06-49d1-832f-5756573623ad
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:54:56Z/
url https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad
5
reference_url https://github.com/advisories/GHSA-g5hp-328h-jj98
reference_id GHSA-g5hp-328h-jj98
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g5hp-328h-jj98
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.1
purl pkg:composer/thorsten/phpmyfaq@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-ecpv-3xqn-eqf8
14
vulnerability VCID-emzq-e5ru-w3cx
15
vulnerability VCID-p68j-sbvd-yuh4
16
vulnerability VCID-q6zp-tnjb-pye3
17
vulnerability VCID-qhsm-g24v-k7gj
18
vulnerability VCID-rrz3-kbbd-eyhq
19
vulnerability VCID-tpbv-urbk-h7gf
20
vulnerability VCID-txxg-bugj-6bd4
21
vulnerability VCID-u37t-naar-pbav
22
vulnerability VCID-vjqh-59nn-5ude
23
vulnerability VCID-xt5z-y1n5-37fn
24
vulnerability VCID-yckn-74u4-pkaw
25
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.1
1
url pkg:composer/thorsten/phpmyfaq@3.2.2
purl pkg:composer/thorsten/phpmyfaq@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bsv-7dt5-6qcu
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-9mx6-54u5-fugf
9
vulnerability VCID-b64e-gffa-5kg7
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-emzq-e5ru-w3cx
12
vulnerability VCID-p68j-sbvd-yuh4
13
vulnerability VCID-q6zp-tnjb-pye3
14
vulnerability VCID-qhsm-g24v-k7gj
15
vulnerability VCID-rrz3-kbbd-eyhq
16
vulnerability VCID-tpbv-urbk-h7gf
17
vulnerability VCID-txxg-bugj-6bd4
18
vulnerability VCID-u37t-naar-pbav
19
vulnerability VCID-vjqh-59nn-5ude
20
vulnerability VCID-yckn-74u4-pkaw
21
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2
aliases CVE-2023-5864, GHSA-g5hp-328h-jj98
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bb7-xtyn-dbcq
8
url VCID-2bsv-7dt5-6qcu
vulnerability_id VCID-2bsv-7dt5-6qcu
summary phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55889
reference_id
reference_type
scores
0
value 0.09124
scoring_system epss
scoring_elements 0.9288
published_at 2026-06-12T12:55:00Z
1
value 0.09124
scoring_system epss
scoring_elements 0.92857
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55889
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55889
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55889
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt
reference_id CVE-2024-55889
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt
4
reference_url https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d
reference_id fa0f7368dc3288eedb1915def64ef8fb270f711d
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/
url https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d
5
reference_url https://github.com/advisories/GHSA-m3r7-8gw7-qwvc
reference_id GHSA-m3r7-8gw7-qwvc
reference_type
scores
url https://github.com/advisories/GHSA-m3r7-8gw7-qwvc
6
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc
reference_id GHSA-m3r7-8gw7-qwvc
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.10
purl pkg:composer/thorsten/phpmyfaq@3.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-57ev-2w6v-mbbs
2
vulnerability VCID-5ez6-qnbc-nfgb
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-9mx6-54u5-fugf
9
vulnerability VCID-b64e-gffa-5kg7
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-emzq-e5ru-w3cx
12
vulnerability VCID-p68j-sbvd-yuh4
13
vulnerability VCID-q6zp-tnjb-pye3
14
vulnerability VCID-qhsm-g24v-k7gj
15
vulnerability VCID-rrz3-kbbd-eyhq
16
vulnerability VCID-tpbv-urbk-h7gf
17
vulnerability VCID-txxg-bugj-6bd4
18
vulnerability VCID-u37t-naar-pbav
19
vulnerability VCID-vjqh-59nn-5ude
20
vulnerability VCID-yckn-74u4-pkaw
21
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.10
aliases CVE-2024-55889, GHSA-m3r7-8gw7-qwvc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bsv-7dt5-6qcu
9
url VCID-2wd2-u5mg-suh4
vulnerability_id VCID-2wd2-u5mg-suh4
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5867
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25375
published_at 2026-06-12T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25178
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5867
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5867
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5867
3
reference_url https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3
reference_id 5310cb8c37dc3a5c5aead0898690b14705c433d3
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:16Z/
url https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3
4
reference_url https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0
reference_id 5c09b32e-a041-4a1e-a277-eb3e80967df0
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:16Z/
url https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0
5
reference_url https://github.com/advisories/GHSA-prrv-r843-4p75
reference_id GHSA-prrv-r843-4p75
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prrv-r843-4p75
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.2
purl pkg:composer/thorsten/phpmyfaq@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bsv-7dt5-6qcu
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-9mx6-54u5-fugf
9
vulnerability VCID-b64e-gffa-5kg7
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-emzq-e5ru-w3cx
12
vulnerability VCID-p68j-sbvd-yuh4
13
vulnerability VCID-q6zp-tnjb-pye3
14
vulnerability VCID-qhsm-g24v-k7gj
15
vulnerability VCID-rrz3-kbbd-eyhq
16
vulnerability VCID-tpbv-urbk-h7gf
17
vulnerability VCID-txxg-bugj-6bd4
18
vulnerability VCID-u37t-naar-pbav
19
vulnerability VCID-vjqh-59nn-5ude
20
vulnerability VCID-yckn-74u4-pkaw
21
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2
aliases CVE-2023-5867, GHSA-prrv-r843-4p75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wd2-u5mg-suh4
10
url VCID-4ej8-n833-fuf4
vulnerability_id VCID-4ej8-n833-fuf4
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1756
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41521
published_at 2026-06-11T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41687
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1756
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1756
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1756
3
reference_url https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726
reference_id ca75f4688a8b0f14d5d0697b9f4b6ea66088f726
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:43:35Z/
url https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726
4
reference_url https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9
reference_id e495b443-b328-42f5-aed5-d68b929b4cb9
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:43:35Z/
url https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9
5
reference_url https://github.com/advisories/GHSA-8p48-ghv5-7qq7
reference_id GHSA-8p48-ghv5-7qq7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8p48-ghv5-7qq7
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1756, GHSA-8p48-ghv5-7qq7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ej8-n833-fuf4
11
url VCID-569v-kyhm-6bd7
vulnerability_id VCID-569v-kyhm-6bd7
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4408
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45442
published_at 2026-06-12T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45294
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4408
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4408
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4408
3
reference_url https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea
reference_id 2ec4ddd4-de22-4f2d-ba92-3382b452bfea
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:13Z/
url https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea
4
reference_url https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751
reference_id e2ea332a2b5e798f2c39203b2489a2dabe831751
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:13Z/
url https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751
5
reference_url https://github.com/advisories/GHSA-rjf6-wj7r-5fj2
reference_id GHSA-rjf6-wj7r-5fj2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjf6-wj7r-5fj2
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.9
purl pkg:composer/thorsten/phpmyfaq@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8hxw-rvte-33a1
18
vulnerability VCID-8k51-budg-h3ak
19
vulnerability VCID-8tff-qn8m-r3hc
20
vulnerability VCID-8vqk-5ha5-4bae
21
vulnerability VCID-9mx6-54u5-fugf
22
vulnerability VCID-ajev-ydxv-nbd5
23
vulnerability VCID-aku3-vveb-gugg
24
vulnerability VCID-ax4d-t793-8bas
25
vulnerability VCID-b214-zgc8-4qdh
26
vulnerability VCID-b4yy-mtkz-hybq
27
vulnerability VCID-b64e-gffa-5kg7
28
vulnerability VCID-bfsb-58cj-mfaa
29
vulnerability VCID-btr7-sehp-zbac
30
vulnerability VCID-c229-su7g-v3dg
31
vulnerability VCID-cjzd-5q9t-nfek
32
vulnerability VCID-cnr9-cykp-bbaw
33
vulnerability VCID-dc77-t7y6-z3ab
34
vulnerability VCID-e4ep-gxfy-jbah
35
vulnerability VCID-e6u1-1y99-5khx
36
vulnerability VCID-ecpv-3xqn-eqf8
37
vulnerability VCID-emzq-e5ru-w3cx
38
vulnerability VCID-fnfe-xws9-8bgg
39
vulnerability VCID-gj1u-m1qq-1qb1
40
vulnerability VCID-gnxm-rq5g-g3d9
41
vulnerability VCID-gsjf-hmab-ruew
42
vulnerability VCID-gvt4-1vk8-8fbx
43
vulnerability VCID-h2wj-7wb2-x3hz
44
vulnerability VCID-hygm-7h9w-x7cs
45
vulnerability VCID-jq9j-su28-xken
46
vulnerability VCID-kfmg-41jk-qfh6
47
vulnerability VCID-kppj-ng9a-9fhs
48
vulnerability VCID-m9y5-g412-zbeh
49
vulnerability VCID-mt7j-r561-tubz
50
vulnerability VCID-naqh-qumg-37gh
51
vulnerability VCID-p68j-sbvd-yuh4
52
vulnerability VCID-pb65-wunz-tye6
53
vulnerability VCID-q6zp-tnjb-pye3
54
vulnerability VCID-qb4k-vsfg-wycb
55
vulnerability VCID-qhsm-g24v-k7gj
56
vulnerability VCID-qpnp-kehq-f7gm
57
vulnerability VCID-qrn1-cpad-puht
58
vulnerability VCID-r24s-k7p3-f7e4
59
vulnerability VCID-rp5d-6b4k-33g5
60
vulnerability VCID-rrh1-efbq-tugt
61
vulnerability VCID-rrz3-kbbd-eyhq
62
vulnerability VCID-spjh-4tvh-gyca
63
vulnerability VCID-tpbv-urbk-h7gf
64
vulnerability VCID-tq9d-mguz-8bhp
65
vulnerability VCID-txxg-bugj-6bd4
66
vulnerability VCID-ty89-v3b2-7yf7
67
vulnerability VCID-u37t-naar-pbav
68
vulnerability VCID-uerm-mjrz-vyg4
69
vulnerability VCID-ufhy-fdmw-hkdv
70
vulnerability VCID-v4hc-w2g2-63f5
71
vulnerability VCID-vjqh-59nn-5ude
72
vulnerability VCID-wcpf-w4c4-ubba
73
vulnerability VCID-x1gz-3d4a-1qdy
74
vulnerability VCID-x4fs-3h7u-4bbe
75
vulnerability VCID-xt5z-y1n5-37fn
76
vulnerability VCID-yckn-74u4-pkaw
77
vulnerability VCID-yh2p-b5px-b7hz
78
vulnerability VCID-yn5s-m3hv-7be8
79
vulnerability VCID-z4qa-mnne-pyay
80
vulnerability VCID-z8kb-6u51-8bd9
81
vulnerability VCID-zaaf-n1z8-v7b3
82
vulnerability VCID-zr1w-jzzj-a7gd
83
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9
aliases CVE-2022-4408, GHSA-rjf6-wj7r-5fj2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-569v-kyhm-6bd7
12
url VCID-57ev-2w6v-mbbs
vulnerability_id VCID-57ev-2w6v-mbbs
summary phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24421
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50358
published_at 2026-06-11T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50491
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24421
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt
reference_id CVE-2026-24421
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24421
reference_id CVE-2026-24421
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24421
4
reference_url https://github.com/advisories/GHSA-wm8h-26fv-mg7g
reference_id GHSA-wm8h-26fv-mg7g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wm8h-26fv-mg7g
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g
reference_id GHSA-wm8h-26fv-mg7g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.17
purl pkg:composer/thorsten/phpmyfaq@4.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17
1
url pkg:composer/thorsten/phpmyfaq@4.1.0-RC
purl pkg:composer/thorsten/phpmyfaq@4.1.0-RC
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-5pw3-qxh6-6ufr
2
vulnerability VCID-7tpb-1avq-zfhu
3
vulnerability VCID-8k51-budg-h3ak
4
vulnerability VCID-9mx6-54u5-fugf
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-q6zp-tnjb-pye3
7
vulnerability VCID-qhsm-g24v-k7gj
8
vulnerability VCID-rrz3-kbbd-eyhq
9
vulnerability VCID-tpbv-urbk-h7gf
10
vulnerability VCID-txxg-bugj-6bd4
11
vulnerability VCID-vjqh-59nn-5ude
12
vulnerability VCID-yckn-74u4-pkaw
13
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC
aliases CVE-2026-24421, GHSA-wm8h-26fv-mg7g
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs
13
url VCID-5pw3-qxh6-6ufr
vulnerability_id VCID-5pw3-qxh6-6ufr
summary phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46366
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23355
published_at 2026-06-11T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.2355
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46366
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46366
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46366
3
reference_url https://github.com/advisories/GHSA-99qv-g4x9-mgc3
reference_id GHSA-99qv-g4x9-mgc3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99qv-g4x9-mgc3
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3
reference_id GHSA-99qv-g4x9-mgc3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass
reference_id phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/
url https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46366, GHSA-99qv-g4x9-mgc3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr
14
url VCID-5v8s-4wnz-43ef
vulnerability_id VCID-5v8s-4wnz-43ef
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16650
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35689
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35869
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16650
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16650
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16650
3
reference_url https://www.phpmyfaq.de/security/advisory-2018-09-02
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.phpmyfaq.de/security/advisory-2018-09-02
4
reference_url https://github.com/advisories/GHSA-p57w-9q28-j6v7
reference_id GHSA-p57w-9q28-j6v7
reference_type
scores
url https://github.com/advisories/GHSA-p57w-9q28-j6v7
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@2.9.11
purl pkg:composer/thorsten/phpmyfaq@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-1v6k-n15u-1bcm
7
vulnerability VCID-2bb7-xtyn-dbcq
8
vulnerability VCID-2bsv-7dt5-6qcu
9
vulnerability VCID-2wd2-u5mg-suh4
10
vulnerability VCID-4ej8-n833-fuf4
11
vulnerability VCID-569v-kyhm-6bd7
12
vulnerability VCID-57ev-2w6v-mbbs
13
vulnerability VCID-5pw3-qxh6-6ufr
14
vulnerability VCID-5wsg-7979-dqgs
15
vulnerability VCID-6jmj-n5mz-bba8
16
vulnerability VCID-6w5z-nvj8-wke8
17
vulnerability VCID-7tpb-1avq-zfhu
18
vulnerability VCID-8fkr-xfw6-ffcj
19
vulnerability VCID-8hxw-rvte-33a1
20
vulnerability VCID-8k51-budg-h3ak
21
vulnerability VCID-8tff-qn8m-r3hc
22
vulnerability VCID-8vqk-5ha5-4bae
23
vulnerability VCID-9mx6-54u5-fugf
24
vulnerability VCID-ajev-ydxv-nbd5
25
vulnerability VCID-aku3-vveb-gugg
26
vulnerability VCID-ax4d-t793-8bas
27
vulnerability VCID-b214-zgc8-4qdh
28
vulnerability VCID-b4yy-mtkz-hybq
29
vulnerability VCID-b64e-gffa-5kg7
30
vulnerability VCID-bfsb-58cj-mfaa
31
vulnerability VCID-btr7-sehp-zbac
32
vulnerability VCID-c229-su7g-v3dg
33
vulnerability VCID-cjzd-5q9t-nfek
34
vulnerability VCID-cnr9-cykp-bbaw
35
vulnerability VCID-dc77-t7y6-z3ab
36
vulnerability VCID-e3h4-tm9q-dufz
37
vulnerability VCID-e4ep-gxfy-jbah
38
vulnerability VCID-e6u1-1y99-5khx
39
vulnerability VCID-ecpv-3xqn-eqf8
40
vulnerability VCID-emzq-e5ru-w3cx
41
vulnerability VCID-fnfe-xws9-8bgg
42
vulnerability VCID-gj1u-m1qq-1qb1
43
vulnerability VCID-gnxm-rq5g-g3d9
44
vulnerability VCID-gsjf-hmab-ruew
45
vulnerability VCID-gvt4-1vk8-8fbx
46
vulnerability VCID-h2wj-7wb2-x3hz
47
vulnerability VCID-h499-pfbv-t7hr
48
vulnerability VCID-hygm-7h9w-x7cs
49
vulnerability VCID-jq9j-su28-xken
50
vulnerability VCID-kfmg-41jk-qfh6
51
vulnerability VCID-kppj-ng9a-9fhs
52
vulnerability VCID-m9y5-g412-zbeh
53
vulnerability VCID-mt7j-r561-tubz
54
vulnerability VCID-naqh-qumg-37gh
55
vulnerability VCID-p68j-sbvd-yuh4
56
vulnerability VCID-pb65-wunz-tye6
57
vulnerability VCID-q6zp-tnjb-pye3
58
vulnerability VCID-qb4k-vsfg-wycb
59
vulnerability VCID-qhsm-g24v-k7gj
60
vulnerability VCID-qpnp-kehq-f7gm
61
vulnerability VCID-qrn1-cpad-puht
62
vulnerability VCID-r24s-k7p3-f7e4
63
vulnerability VCID-rp5d-6b4k-33g5
64
vulnerability VCID-rrh1-efbq-tugt
65
vulnerability VCID-rrz3-kbbd-eyhq
66
vulnerability VCID-spjh-4tvh-gyca
67
vulnerability VCID-tpbv-urbk-h7gf
68
vulnerability VCID-tq9d-mguz-8bhp
69
vulnerability VCID-txxg-bugj-6bd4
70
vulnerability VCID-ty89-v3b2-7yf7
71
vulnerability VCID-u37t-naar-pbav
72
vulnerability VCID-uerm-mjrz-vyg4
73
vulnerability VCID-ufhy-fdmw-hkdv
74
vulnerability VCID-v4hc-w2g2-63f5
75
vulnerability VCID-vjqh-59nn-5ude
76
vulnerability VCID-wcpf-w4c4-ubba
77
vulnerability VCID-x1gz-3d4a-1qdy
78
vulnerability VCID-x4fs-3h7u-4bbe
79
vulnerability VCID-xt5z-y1n5-37fn
80
vulnerability VCID-yckn-74u4-pkaw
81
vulnerability VCID-ygjv-jn67-p3h9
82
vulnerability VCID-yh2p-b5px-b7hz
83
vulnerability VCID-yn5s-m3hv-7be8
84
vulnerability VCID-z4qa-mnne-pyay
85
vulnerability VCID-z8kb-6u51-8bd9
86
vulnerability VCID-zaaf-n1z8-v7b3
87
vulnerability VCID-zpeg-pwqh-hbby
88
vulnerability VCID-zr1w-jzzj-a7gd
89
vulnerability VCID-ztw9-5sne-p3e9
90
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@2.9.11
aliases CVE-2018-16650, GHSA-p57w-9q28-j6v7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5v8s-4wnz-43ef
15
url VCID-5wsg-7979-dqgs
vulnerability_id VCID-5wsg-7979-dqgs
summary phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62519
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30546
published_at 2026-06-12T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.3035
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62519
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14
reference_id 4.0.13...4.0.14
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/
url https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62519
reference_id CVE-2025-62519
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62519
4
reference_url https://github.com/advisories/GHSA-fxm2-cmwj-qvx4
reference_id GHSA-fxm2-cmwj-qvx4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxm2-cmwj-qvx4
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4
reference_id GHSA-fxm2-cmwj-qvx4
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.14
purl pkg:composer/thorsten/phpmyfaq@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-57ev-2w6v-mbbs
2
vulnerability VCID-5pw3-qxh6-6ufr
3
vulnerability VCID-6jmj-n5mz-bba8
4
vulnerability VCID-7tpb-1avq-zfhu
5
vulnerability VCID-8k51-budg-h3ak
6
vulnerability VCID-9mx6-54u5-fugf
7
vulnerability VCID-ecpv-3xqn-eqf8
8
vulnerability VCID-emzq-e5ru-w3cx
9
vulnerability VCID-p68j-sbvd-yuh4
10
vulnerability VCID-q6zp-tnjb-pye3
11
vulnerability VCID-qhsm-g24v-k7gj
12
vulnerability VCID-rrz3-kbbd-eyhq
13
vulnerability VCID-tpbv-urbk-h7gf
14
vulnerability VCID-txxg-bugj-6bd4
15
vulnerability VCID-u37t-naar-pbav
16
vulnerability VCID-vjqh-59nn-5ude
17
vulnerability VCID-x8f6-wx6k-f3d5
18
vulnerability VCID-yckn-74u4-pkaw
19
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.14
aliases CVE-2025-62519, GHSA-fxm2-cmwj-qvx4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs
16
url VCID-6jmj-n5mz-bba8
vulnerability_id VCID-6jmj-n5mz-bba8
summary phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24420
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03833
published_at 2026-06-11T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03854
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24420
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24420
reference_id CVE-2026-24420
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24420
3
reference_url https://github.com/advisories/GHSA-7p9h-m7m8-vhhv
reference_id GHSA-7p9h-m7m8-vhhv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7p9h-m7m8-vhhv
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv
reference_id GHSA-7p9h-m7m8-vhhv
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.17
purl pkg:composer/thorsten/phpmyfaq@4.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17
1
url pkg:composer/thorsten/phpmyfaq@4.1.0-RC
purl pkg:composer/thorsten/phpmyfaq@4.1.0-RC
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-5pw3-qxh6-6ufr
2
vulnerability VCID-7tpb-1avq-zfhu
3
vulnerability VCID-8k51-budg-h3ak
4
vulnerability VCID-9mx6-54u5-fugf
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-q6zp-tnjb-pye3
7
vulnerability VCID-qhsm-g24v-k7gj
8
vulnerability VCID-rrz3-kbbd-eyhq
9
vulnerability VCID-tpbv-urbk-h7gf
10
vulnerability VCID-txxg-bugj-6bd4
11
vulnerability VCID-vjqh-59nn-5ude
12
vulnerability VCID-yckn-74u4-pkaw
13
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC
aliases CVE-2026-24420, GHSA-7p9h-m7m8-vhhv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8
17
url VCID-6w5z-nvj8-wke8
vulnerability_id VCID-6w5z-nvj8-wke8
summary Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5865
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.5559
published_at 2026-06-12T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.5547
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5865
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5865
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5865
3
reference_url https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff
reference_id 4c4b7395-d9fd-4ca0-98d7-2e20c1249aff
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:18:18Z/
url https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff
4
reference_url https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5
reference_id 5f43786f52c3d517e7665abd25d534e180e08dc5
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:18:18Z/
url https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5
5
reference_url https://github.com/advisories/GHSA-f728-prhw-2g68
reference_id GHSA-f728-prhw-2g68
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f728-prhw-2g68
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.2
purl pkg:composer/thorsten/phpmyfaq@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bsv-7dt5-6qcu
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-9mx6-54u5-fugf
9
vulnerability VCID-b64e-gffa-5kg7
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-emzq-e5ru-w3cx
12
vulnerability VCID-p68j-sbvd-yuh4
13
vulnerability VCID-q6zp-tnjb-pye3
14
vulnerability VCID-qhsm-g24v-k7gj
15
vulnerability VCID-rrz3-kbbd-eyhq
16
vulnerability VCID-tpbv-urbk-h7gf
17
vulnerability VCID-txxg-bugj-6bd4
18
vulnerability VCID-u37t-naar-pbav
19
vulnerability VCID-vjqh-59nn-5ude
20
vulnerability VCID-yckn-74u4-pkaw
21
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2
aliases CVE-2023-5865, GHSA-f728-prhw-2g68
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6w5z-nvj8-wke8
18
url VCID-7tpb-1avq-zfhu
vulnerability_id VCID-7tpb-1avq-zfhu
summary phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46361
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01337
published_at 2026-06-11T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01334
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46361
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46361
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46361
3
reference_url https://github.com/advisories/GHSA-pqh6-8fxf-jx22
reference_id GHSA-pqh6-8fxf-jx22
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqh6-8fxf-jx22
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22
reference_id GHSA-pqh6-8fxf-jx22
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig
reference_id phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/
url https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46361, GHSA-pqh6-8fxf-jx22
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu
19
url VCID-8fkr-xfw6-ffcj
vulnerability_id VCID-8fkr-xfw6-ffcj
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1759
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.46116
published_at 2026-06-12T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45971
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1759
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1759
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1759
3
reference_url https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1
reference_id e8109aed-d364-4c0c-9545-4de0347b10e1
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:45:28Z/
url https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1
4
reference_url https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa
reference_id ecbd8107fe954b6be95dab315862d1caa0b94efa
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:45:28Z/
url https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa
5
reference_url https://github.com/advisories/GHSA-4wfc-ghv5-2v7j
reference_id GHSA-4wfc-ghv5-2v7j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wfc-ghv5-2v7j
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1759, GHSA-4wfc-ghv5-2v7j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fkr-xfw6-ffcj
20
url VCID-8hxw-rvte-33a1
vulnerability_id VCID-8hxw-rvte-33a1
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0314
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.54595
published_at 2026-06-12T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54469
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0314
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0314
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0314
3
reference_url https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98
reference_id 3872e7eac2ddeac182fc1335cc312d1392d56f98
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:14:16Z/
url https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98
4
reference_url https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67
reference_id eac0a9d7-9721-4191-bef3-d43b0df59c67
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:14:16Z/
url https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67
5
reference_url https://github.com/advisories/GHSA-m9xr-8cx7-53pj
reference_id GHSA-m9xr-8cx7-53pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9xr-8cx7-53pj
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0314, GHSA-m9xr-8cx7-53pj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hxw-rvte-33a1
21
url VCID-8k51-budg-h3ak
vulnerability_id VCID-8k51-budg-h3ak
summary phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45007
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01076
published_at 2026-06-11T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.01073
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45007
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45007
reference_id CVE-2026-45007
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45007
3
reference_url https://github.com/advisories/GHSA-rm98-82fr-mcfx
reference_id GHSA-rm98-82fr-mcfx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rm98-82fr-mcfx
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx
reference_id GHSA-rm98-82fr-mcfx
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure
reference_id phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/
url https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-45007, GHSA-rm98-82fr-mcfx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak
22
url VCID-8tff-qn8m-r3hc
vulnerability_id VCID-8tff-qn8m-r3hc
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1875
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42388
published_at 2026-06-12T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42223
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1875
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1875
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1875
3
reference_url https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61
reference_id 39715aaf-e798-4c60-97c4-45f4f2cd5c61
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:36:40Z/
url https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61
4
reference_url https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a
reference_id dcf7dd43a3412aa951d7087b86a8b917fae2133a
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:36:40Z/
url https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a
5
reference_url https://github.com/advisories/GHSA-ch5w-2994-6h82
reference_id GHSA-ch5w-2994-6h82
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ch5w-2994-6h82
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1875, GHSA-ch5w-2994-6h82
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tff-qn8m-r3hc
23
url VCID-8vqk-5ha5-4bae
vulnerability_id VCID-8vqk-5ha5-4bae
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2753
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43847
published_at 2026-06-12T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.4369
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2753
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2753
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2753
3
reference_url https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba
reference_id 5401ab75d022932b8d5d7adaa771acf44fed18ba
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T18:09:09Z/
url https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba
4
reference_url https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628
reference_id eca2284d-e81a-4ab8-91bb-7afeca557628
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T18:09:09Z/
url https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628
5
reference_url https://github.com/advisories/GHSA-vppq-6ff8-2m8w
reference_id GHSA-vppq-6ff8-2m8w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vppq-6ff8-2m8w
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.0-beta
purl pkg:composer/thorsten/phpmyfaq@3.2.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-h2wj-7wb2-x3hz
17
vulnerability VCID-p68j-sbvd-yuh4
18
vulnerability VCID-q6zp-tnjb-pye3
19
vulnerability VCID-qhsm-g24v-k7gj
20
vulnerability VCID-rrz3-kbbd-eyhq
21
vulnerability VCID-tpbv-urbk-h7gf
22
vulnerability VCID-txxg-bugj-6bd4
23
vulnerability VCID-u37t-naar-pbav
24
vulnerability VCID-vjqh-59nn-5ude
25
vulnerability VCID-xt5z-y1n5-37fn
26
vulnerability VCID-yckn-74u4-pkaw
27
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta
aliases CVE-2023-2753, GHSA-vppq-6ff8-2m8w
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vqk-5ha5-4bae
24
url VCID-9mx6-54u5-fugf
vulnerability_id VCID-9mx6-54u5-fugf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34974
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.127
published_at 2026-06-11T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.1279
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34974
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34974
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34974
4
reference_url https://github.com/advisories/GHSA-5crx-pfhq-4hgg
reference_id GHSA-5crx-pfhq-4hgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5crx-pfhq-4hgg
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.1
purl pkg:composer/thorsten/phpmyfaq@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-426v-vz22-nqem
2
vulnerability VCID-5pw3-qxh6-6ufr
3
vulnerability VCID-7tpb-1avq-zfhu
4
vulnerability VCID-8k51-budg-h3ak
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-n3tn-cpf3-5qe2
7
vulnerability VCID-rrz3-kbbd-eyhq
8
vulnerability VCID-tpbv-urbk-h7gf
9
vulnerability VCID-txxg-bugj-6bd4
10
vulnerability VCID-vjqh-59nn-5ude
11
vulnerability VCID-yckn-74u4-pkaw
12
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1
aliases CVE-2026-34974, GHSA-5crx-pfhq-4hgg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mx6-54u5-fugf
25
url VCID-ajev-ydxv-nbd5
vulnerability_id VCID-ajev-ydxv-nbd5
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1879
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49896
published_at 2026-06-12T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1879
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/commit/a2642195e9fcb9a6f151bfaa4ff20bf1b905da2e
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ/commit/a2642195e9fcb9a6f151bfaa4ff20bf1b905da2e
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1879
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1879
4
reference_url https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91
reference_id 0dc8e527c375007cd4b8dbf61f7167393a6f6e91
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:39:54Z/
url https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91
5
reference_url https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334
reference_id 1dc7f818-c8ea-4f80-b000-31b48a426334
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:39:54Z/
url https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334
6
reference_url https://github.com/advisories/GHSA-m9qm-m5w5-9pgj
reference_id GHSA-m9qm-m5w5-9pgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9qm-m5w5-9pgj
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1879, GHSA-m9qm-m5w5-9pgj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajev-ydxv-nbd5
26
url VCID-aku3-vveb-gugg
vulnerability_id VCID-aku3-vveb-gugg
summary Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1886
reference_id
reference_type
scores
0
value 0.01116
scoring_system epss
scoring_elements 0.78606
published_at 2026-06-11T12:55:00Z
1
value 0.01116
scoring_system epss
scoring_elements 0.78672
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1886
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1886
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1886
3
reference_url https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a
reference_id 27eaaae16850694634ac52416a0bd38b35d7330a
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:06Z/
url https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a
4
reference_url https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a
reference_id b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:06Z/
url https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a
5
reference_url https://github.com/advisories/GHSA-4cr4-x82x-hwm9
reference_id GHSA-4cr4-x82x-hwm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4cr4-x82x-hwm9
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1886, GHSA-4cr4-x82x-hwm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aku3-vveb-gugg
27
url VCID-ax4d-t793-8bas
vulnerability_id VCID-ax4d-t793-8bas
summary Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0786
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.62383
published_at 2026-06-11T12:55:00Z
1
value 0.0042
scoring_system epss
scoring_elements 0.62484
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0786
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0786
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0786
3
reference_url https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f
reference_id 8c74ccab-0d1d-4c6b-a0fa-803aa65de04f
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:47:29Z/
url https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f
4
reference_url https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f
reference_id ce676eb9e9d8cb7864f36ee124e838b1ad15415f
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:47:29Z/
url https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f
5
reference_url https://github.com/advisories/GHSA-jfpg-jggf-rpph
reference_id GHSA-jfpg-jggf-rpph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfpg-jggf-rpph
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0786, GHSA-jfpg-jggf-rpph
risk_score 3.8
exploitability 0.5
weighted_severity 7.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax4d-t793-8bas
28
url VCID-b214-zgc8-4qdh
vulnerability_id VCID-b214-zgc8-4qdh
summary Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1882
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.5849
published_at 2026-06-12T12:55:00Z
1
value 0.00357
scoring_system epss
scoring_elements 0.58378
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1882
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1882
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1882
3
reference_url https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2
reference_id 49db615c300ae0f87795f20570f6f5bdccb1d2f2
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:38Z/
url https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2
4
reference_url https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957
reference_id 8ab09a1c-cfd5-4ce0-aae3-d33c93318957
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:38Z/
url https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957
5
reference_url https://github.com/advisories/GHSA-jph3-3j24-pg3j
reference_id GHSA-jph3-3j24-pg3j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jph3-3j24-pg3j
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1882, GHSA-jph3-3j24-pg3j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b214-zgc8-4qdh
29
url VCID-b4yy-mtkz-hybq
vulnerability_id VCID-b4yy-mtkz-hybq
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1878
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.51479
published_at 2026-06-12T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51347
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1878
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1878
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1878
3
reference_url https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc
reference_id 93f981a3-231d-460d-a239-bb960e8c2fdc
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:40:29Z/
url https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc
4
reference_url https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417
reference_id e018823f8e3bca103c11e5a98b0dd469e41ed417
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:40:29Z/
url https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417
5
reference_url https://github.com/advisories/GHSA-gcmq-7652-x98j
reference_id GHSA-gcmq-7652-x98j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gcmq-7652-x98j
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1878, GHSA-gcmq-7652-x98j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4yy-mtkz-hybq
30
url VCID-b64e-gffa-5kg7
vulnerability_id VCID-b64e-gffa-5kg7
summary phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54141
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.60253
published_at 2026-06-12T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.60147
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54141
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54141
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54141
3
reference_url https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe
reference_id b9289a0b2233df864361c131cd177b6715fbb0fe
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/
url https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe
4
reference_url https://github.com/advisories/GHSA-vrjr-p3xp-xx2x
reference_id GHSA-vrjr-p3xp-xx2x
reference_type
scores
url https://github.com/advisories/GHSA-vrjr-p3xp-xx2x
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x
reference_id GHSA-vrjr-p3xp-xx2x
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.0
purl pkg:composer/thorsten/phpmyfaq@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-57ev-2w6v-mbbs
2
vulnerability VCID-5ez6-qnbc-nfgb
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-9mx6-54u5-fugf
9
vulnerability VCID-ecpv-3xqn-eqf8
10
vulnerability VCID-emzq-e5ru-w3cx
11
vulnerability VCID-p68j-sbvd-yuh4
12
vulnerability VCID-q6zp-tnjb-pye3
13
vulnerability VCID-qhsm-g24v-k7gj
14
vulnerability VCID-rrz3-kbbd-eyhq
15
vulnerability VCID-tpbv-urbk-h7gf
16
vulnerability VCID-txxg-bugj-6bd4
17
vulnerability VCID-u37t-naar-pbav
18
vulnerability VCID-vjqh-59nn-5ude
19
vulnerability VCID-yckn-74u4-pkaw
20
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.0
aliases CVE-2024-54141, GHSA-vrjr-p3xp-xx2x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b64e-gffa-5kg7
31
url VCID-bfsb-58cj-mfaa
vulnerability_id VCID-bfsb-58cj-mfaa
summary Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1758
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.51479
published_at 2026-06-12T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51347
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1758
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1758
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1758
3
reference_url https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c
reference_id 0854328e-eb00-41a3-9573-8da8f00e369c
reference_type
scores
0
value 8.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:42:37Z/
url https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c
4
reference_url https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57
reference_id f3380f46c464d1bc6f3ded29213c79be0de8fc57
reference_type
scores
0
value 8.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:42:37Z/
url https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57
5
reference_url https://github.com/advisories/GHSA-3j93-7rf7-p7m6
reference_id GHSA-3j93-7rf7-p7m6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3j93-7rf7-p7m6
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1758, GHSA-3j93-7rf7-p7m6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfsb-58cj-mfaa
32
url VCID-btr7-sehp-zbac
vulnerability_id VCID-btr7-sehp-zbac
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0312
reference_id
reference_type
scores
0
value 0.00674
scoring_system epss
scoring_elements 0.7201
published_at 2026-06-12T12:55:00Z
1
value 0.00674
scoring_system epss
scoring_elements 0.71926
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0312
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0312
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0312
3
reference_url https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a
reference_id 65d419ca04111ee2612ae81cdd59753654cfe18a
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:16:33Z/
url https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a
4
reference_url https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9
reference_id f50ec8d1-cd60-4c2d-9ab8-3711870d83b9
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:16:33Z/
url https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9
5
reference_url https://github.com/advisories/GHSA-6449-vf6p-9hfp
reference_id GHSA-6449-vf6p-9hfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6449-vf6p-9hfp
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0312, GHSA-6449-vf6p-9hfp
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-btr7-sehp-zbac
33
url VCID-c229-su7g-v3dg
vulnerability_id VCID-c229-su7g-v3dg
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2550
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.46116
published_at 2026-06-12T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45971
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2550
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2550
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2550
3
reference_url https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf
reference_id 20ac51594db11604a4518aacc28a51f67d4f11bf
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:14:20Z/
url https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf
4
reference_url https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b
reference_id 840c8d91-c97e-4116-a9f8-4ab1a38d239b
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:14:20Z/
url https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b
5
reference_url https://github.com/advisories/GHSA-5mf7-p346-7rm8
reference_id GHSA-5mf7-p346-7rm8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mf7-p346-7rm8
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.13
purl pkg:composer/thorsten/phpmyfaq@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-8vqk-5ha5-4bae
14
vulnerability VCID-9mx6-54u5-fugf
15
vulnerability VCID-b64e-gffa-5kg7
16
vulnerability VCID-e4ep-gxfy-jbah
17
vulnerability VCID-ecpv-3xqn-eqf8
18
vulnerability VCID-emzq-e5ru-w3cx
19
vulnerability VCID-h2wj-7wb2-x3hz
20
vulnerability VCID-kppj-ng9a-9fhs
21
vulnerability VCID-p68j-sbvd-yuh4
22
vulnerability VCID-pb65-wunz-tye6
23
vulnerability VCID-q6zp-tnjb-pye3
24
vulnerability VCID-qhsm-g24v-k7gj
25
vulnerability VCID-rp5d-6b4k-33g5
26
vulnerability VCID-rrz3-kbbd-eyhq
27
vulnerability VCID-tpbv-urbk-h7gf
28
vulnerability VCID-txxg-bugj-6bd4
29
vulnerability VCID-u37t-naar-pbav
30
vulnerability VCID-uerm-mjrz-vyg4
31
vulnerability VCID-ufhy-fdmw-hkdv
32
vulnerability VCID-vjqh-59nn-5ude
33
vulnerability VCID-wcpf-w4c4-ubba
34
vulnerability VCID-x1gz-3d4a-1qdy
35
vulnerability VCID-xt5z-y1n5-37fn
36
vulnerability VCID-yckn-74u4-pkaw
37
vulnerability VCID-yn5s-m3hv-7be8
38
vulnerability VCID-z4qa-mnne-pyay
39
vulnerability VCID-z8kb-6u51-8bd9
40
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13
aliases CVE-2023-2550, GHSA-5mf7-p346-7rm8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c229-su7g-v3dg
34
url VCID-cjzd-5q9t-nfek
vulnerability_id VCID-cjzd-5q9t-nfek
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1760
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.55167
published_at 2026-06-12T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.55045
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1760
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1760
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1760
3
reference_url https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5
reference_id 2d0ac48a-490d-4548-8d98-7447042dd1b5
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:44:48Z/
url https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5
4
reference_url https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770
reference_id 56295b54062a284020fccce12a5044f9fa7d2770
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:44:48Z/
url https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770
5
reference_url https://github.com/advisories/GHSA-7q9c-f2v8-j8gw
reference_id GHSA-7q9c-f2v8-j8gw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q9c-f2v8-j8gw
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1760, GHSA-7q9c-f2v8-j8gw
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjzd-5q9t-nfek
35
url VCID-cnr9-cykp-bbaw
vulnerability_id VCID-cnr9-cykp-bbaw
summary phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-53929
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22228
published_at 2026-06-12T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22038
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-53929
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://www.phpmyfaq.de
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyfaq.de
3
reference_url https://www.exploit-db.com/exploits/51399
reference_id 51399
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/
url https://www.exploit-db.com/exploits/51399
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-53929
reference_id CVE-2023-53929
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-53929
5
reference_url https://github.com/advisories/GHSA-x2v3-9p22-w3x6
reference_id GHSA-x2v3-9p22-w3x6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2v3-9p22-w3x6
6
reference_url https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export
reference_id phpmyfaq-csv-injection-via-user-profile-export
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/
url https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export
7
reference_url https://www.phpmyfaq.de/
reference_id www.phpmyfaq.de
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/
url https://www.phpmyfaq.de/
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.13
purl pkg:composer/thorsten/phpmyfaq@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-8vqk-5ha5-4bae
14
vulnerability VCID-9mx6-54u5-fugf
15
vulnerability VCID-b64e-gffa-5kg7
16
vulnerability VCID-e4ep-gxfy-jbah
17
vulnerability VCID-ecpv-3xqn-eqf8
18
vulnerability VCID-emzq-e5ru-w3cx
19
vulnerability VCID-h2wj-7wb2-x3hz
20
vulnerability VCID-kppj-ng9a-9fhs
21
vulnerability VCID-p68j-sbvd-yuh4
22
vulnerability VCID-pb65-wunz-tye6
23
vulnerability VCID-q6zp-tnjb-pye3
24
vulnerability VCID-qhsm-g24v-k7gj
25
vulnerability VCID-rp5d-6b4k-33g5
26
vulnerability VCID-rrz3-kbbd-eyhq
27
vulnerability VCID-tpbv-urbk-h7gf
28
vulnerability VCID-txxg-bugj-6bd4
29
vulnerability VCID-u37t-naar-pbav
30
vulnerability VCID-uerm-mjrz-vyg4
31
vulnerability VCID-ufhy-fdmw-hkdv
32
vulnerability VCID-vjqh-59nn-5ude
33
vulnerability VCID-wcpf-w4c4-ubba
34
vulnerability VCID-x1gz-3d4a-1qdy
35
vulnerability VCID-xt5z-y1n5-37fn
36
vulnerability VCID-yckn-74u4-pkaw
37
vulnerability VCID-yn5s-m3hv-7be8
38
vulnerability VCID-z4qa-mnne-pyay
39
vulnerability VCID-z8kb-6u51-8bd9
40
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13
aliases CVE-2023-53929, GHSA-x2v3-9p22-w3x6
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnr9-cykp-bbaw
36
url VCID-dc77-t7y6-z3ab
vulnerability_id VCID-dc77-t7y6-z3ab
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0309
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.48099
published_at 2026-06-12T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47959
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0309
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0309
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0309
3
reference_url https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b
reference_id 376d1d3e5a42edf07260e98461d2fddbee74419b
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:22:09Z/
url https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b
4
reference_url https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6
reference_id c03c5925-43ff-450d-9827-2b65a3307ed6
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:22:09Z/
url https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6
5
reference_url https://github.com/advisories/GHSA-25c3-7fvj-v45j
reference_id GHSA-25c3-7fvj-v45j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25c3-7fvj-v45j
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0309, GHSA-25c3-7fvj-v45j
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc77-t7y6-z3ab
37
url VCID-e3h4-tm9q-dufz
vulnerability_id VCID-e3h4-tm9q-dufz
summary Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3754
reference_id
reference_type
scores
0
value 0.00921
scoring_system epss
scoring_elements 0.76497
published_at 2026-06-12T12:55:00Z
1
value 0.00921
scoring_system epss
scoring_elements 0.76427
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3754
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3754
reference_id CVE-2022-3754
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3754
3
reference_url https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
reference_id d7a87d2646287828c70401ca8976ef531fbc77ea
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/
url https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
4
reference_url https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
reference_id f4711d7f-1368-48ab-9bef-45f32e356c47
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/
url https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
5
reference_url https://github.com/advisories/GHSA-2rr3-rv49-p42f
reference_id GHSA-2rr3-rv49-p42f
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rr3-rv49-p42f
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.8
purl pkg:composer/thorsten/phpmyfaq@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-569v-kyhm-6bd7
11
vulnerability VCID-57ev-2w6v-mbbs
12
vulnerability VCID-5pw3-qxh6-6ufr
13
vulnerability VCID-5wsg-7979-dqgs
14
vulnerability VCID-6jmj-n5mz-bba8
15
vulnerability VCID-6w5z-nvj8-wke8
16
vulnerability VCID-7tpb-1avq-zfhu
17
vulnerability VCID-8fkr-xfw6-ffcj
18
vulnerability VCID-8hxw-rvte-33a1
19
vulnerability VCID-8k51-budg-h3ak
20
vulnerability VCID-8tff-qn8m-r3hc
21
vulnerability VCID-8vqk-5ha5-4bae
22
vulnerability VCID-9mx6-54u5-fugf
23
vulnerability VCID-ajev-ydxv-nbd5
24
vulnerability VCID-aku3-vveb-gugg
25
vulnerability VCID-ax4d-t793-8bas
26
vulnerability VCID-b214-zgc8-4qdh
27
vulnerability VCID-b4yy-mtkz-hybq
28
vulnerability VCID-b64e-gffa-5kg7
29
vulnerability VCID-bfsb-58cj-mfaa
30
vulnerability VCID-btr7-sehp-zbac
31
vulnerability VCID-c229-su7g-v3dg
32
vulnerability VCID-cjzd-5q9t-nfek
33
vulnerability VCID-cnr9-cykp-bbaw
34
vulnerability VCID-dc77-t7y6-z3ab
35
vulnerability VCID-e4ep-gxfy-jbah
36
vulnerability VCID-e6u1-1y99-5khx
37
vulnerability VCID-ecpv-3xqn-eqf8
38
vulnerability VCID-emzq-e5ru-w3cx
39
vulnerability VCID-fnfe-xws9-8bgg
40
vulnerability VCID-gj1u-m1qq-1qb1
41
vulnerability VCID-gnxm-rq5g-g3d9
42
vulnerability VCID-gsjf-hmab-ruew
43
vulnerability VCID-gvt4-1vk8-8fbx
44
vulnerability VCID-h2wj-7wb2-x3hz
45
vulnerability VCID-hygm-7h9w-x7cs
46
vulnerability VCID-jq9j-su28-xken
47
vulnerability VCID-kfmg-41jk-qfh6
48
vulnerability VCID-kppj-ng9a-9fhs
49
vulnerability VCID-m9y5-g412-zbeh
50
vulnerability VCID-mt7j-r561-tubz
51
vulnerability VCID-naqh-qumg-37gh
52
vulnerability VCID-p68j-sbvd-yuh4
53
vulnerability VCID-pb65-wunz-tye6
54
vulnerability VCID-q6zp-tnjb-pye3
55
vulnerability VCID-qb4k-vsfg-wycb
56
vulnerability VCID-qhsm-g24v-k7gj
57
vulnerability VCID-qpnp-kehq-f7gm
58
vulnerability VCID-qrn1-cpad-puht
59
vulnerability VCID-r24s-k7p3-f7e4
60
vulnerability VCID-rp5d-6b4k-33g5
61
vulnerability VCID-rrh1-efbq-tugt
62
vulnerability VCID-rrz3-kbbd-eyhq
63
vulnerability VCID-spjh-4tvh-gyca
64
vulnerability VCID-tpbv-urbk-h7gf
65
vulnerability VCID-tq9d-mguz-8bhp
66
vulnerability VCID-txxg-bugj-6bd4
67
vulnerability VCID-ty89-v3b2-7yf7
68
vulnerability VCID-u37t-naar-pbav
69
vulnerability VCID-uerm-mjrz-vyg4
70
vulnerability VCID-ufhy-fdmw-hkdv
71
vulnerability VCID-v4hc-w2g2-63f5
72
vulnerability VCID-vjqh-59nn-5ude
73
vulnerability VCID-wcpf-w4c4-ubba
74
vulnerability VCID-x1gz-3d4a-1qdy
75
vulnerability VCID-x4fs-3h7u-4bbe
76
vulnerability VCID-xt5z-y1n5-37fn
77
vulnerability VCID-yckn-74u4-pkaw
78
vulnerability VCID-ygjv-jn67-p3h9
79
vulnerability VCID-yh2p-b5px-b7hz
80
vulnerability VCID-yn5s-m3hv-7be8
81
vulnerability VCID-z4qa-mnne-pyay
82
vulnerability VCID-z8kb-6u51-8bd9
83
vulnerability VCID-zaaf-n1z8-v7b3
84
vulnerability VCID-zr1w-jzzj-a7gd
85
vulnerability VCID-ztw9-5sne-p3e9
86
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8
aliases CVE-2022-3754, GHSA-2rr3-rv49-p42f
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3h4-tm9q-dufz
38
url VCID-e4ep-gxfy-jbah
vulnerability_id VCID-e4ep-gxfy-jbah
summary Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5866
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08286
published_at 2026-06-12T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08249
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5866
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5866
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5866
3
reference_url https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945
reference_id ec44bcba-ae7f-497a-851e-8165ecf56945
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:51Z/
url https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945
4
reference_url https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55
reference_id fdacff14acd5e69841068f0e32b59e2d1b1d0d55
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:51Z/
url https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55
5
reference_url https://github.com/advisories/GHSA-34w4-wrqp-j47g
reference_id GHSA-34w4-wrqp-j47g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34w4-wrqp-j47g
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.1
purl pkg:composer/thorsten/phpmyfaq@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-ecpv-3xqn-eqf8
14
vulnerability VCID-emzq-e5ru-w3cx
15
vulnerability VCID-p68j-sbvd-yuh4
16
vulnerability VCID-q6zp-tnjb-pye3
17
vulnerability VCID-qhsm-g24v-k7gj
18
vulnerability VCID-rrz3-kbbd-eyhq
19
vulnerability VCID-tpbv-urbk-h7gf
20
vulnerability VCID-txxg-bugj-6bd4
21
vulnerability VCID-u37t-naar-pbav
22
vulnerability VCID-vjqh-59nn-5ude
23
vulnerability VCID-xt5z-y1n5-37fn
24
vulnerability VCID-yckn-74u4-pkaw
25
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.1
aliases CVE-2023-5866, GHSA-34w4-wrqp-j47g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ep-gxfy-jbah
39
url VCID-e6u1-1y99-5khx
vulnerability_id VCID-e6u1-1y99-5khx
summary Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0789
reference_id
reference_type
scores
0
value 0.07757
scoring_system epss
scoring_elements 0.9216
published_at 2026-06-12T12:55:00Z
1
value 0.07757
scoring_system epss
scoring_elements 0.92133
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0789
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0789
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0789
4
reference_url https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb
reference_id 40515c74815ace394ab23c6c19cbb33fd49059cb
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:50:05Z/
url https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb
5
reference_url https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5
reference_id d9375178-2f23-4f5d-88bd-bba3d6ba7cc5
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:50:05Z/
url https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5
6
reference_url https://github.com/advisories/GHSA-6vp5-vv9p-7q62
reference_id GHSA-6vp5-vv9p-7q62
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vp5-vv9p-7q62
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0789, GHSA-6vp5-vv9p-7q62
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6u1-1y99-5khx
40
url VCID-ecpv-3xqn-eqf8
vulnerability_id VCID-ecpv-3xqn-eqf8
summary phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46360
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08901
published_at 2026-06-11T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08945
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46360
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46360
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46360
3
reference_url https://github.com/advisories/GHSA-whqh-9pq5-c7r3
reference_id GHSA-whqh-9pq5-c7r3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whqh-9pq5-c7r3
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3
reference_id GHSA-whqh-9pq5-c7r3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer
reference_id phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/
url https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46360, GHSA-whqh-9pq5-c7r3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8
41
url VCID-emzq-e5ru-w3cx
vulnerability_id VCID-emzq-e5ru-w3cx
summary phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27836
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19689
published_at 2026-06-12T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19515
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27836
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27836
reference_id CVE-2026-27836
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27836
3
reference_url https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
reference_id f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/
url https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
4
reference_url https://github.com/advisories/GHSA-w22q-m2fm-x9f4
reference_id GHSA-w22q-m2fm-x9f4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w22q-m2fm-x9f4
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
reference_id GHSA-w22q-m2fm-x9f4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.18
purl pkg:composer/thorsten/phpmyfaq@4.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-5pw3-qxh6-6ufr
2
vulnerability VCID-7tpb-1avq-zfhu
3
vulnerability VCID-8k51-budg-h3ak
4
vulnerability VCID-9mx6-54u5-fugf
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-q6zp-tnjb-pye3
7
vulnerability VCID-qhsm-g24v-k7gj
8
vulnerability VCID-rrz3-kbbd-eyhq
9
vulnerability VCID-tpbv-urbk-h7gf
10
vulnerability VCID-txxg-bugj-6bd4
11
vulnerability VCID-vjqh-59nn-5ude
12
vulnerability VCID-yckn-74u4-pkaw
13
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.18
1
url pkg:composer/thorsten/phpmyfaq@4.1.0-RC
purl pkg:composer/thorsten/phpmyfaq@4.1.0-RC
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-5pw3-qxh6-6ufr
2
vulnerability VCID-7tpb-1avq-zfhu
3
vulnerability VCID-8k51-budg-h3ak
4
vulnerability VCID-9mx6-54u5-fugf
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-q6zp-tnjb-pye3
7
vulnerability VCID-qhsm-g24v-k7gj
8
vulnerability VCID-rrz3-kbbd-eyhq
9
vulnerability VCID-tpbv-urbk-h7gf
10
vulnerability VCID-txxg-bugj-6bd4
11
vulnerability VCID-vjqh-59nn-5ude
12
vulnerability VCID-yckn-74u4-pkaw
13
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC
aliases CVE-2026-27836, GHSA-w22q-m2fm-x9f4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emzq-e5ru-w3cx
42
url VCID-fnfe-xws9-8bgg
vulnerability_id VCID-fnfe-xws9-8bgg
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0310
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55298
published_at 2026-06-12T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.55177
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0310
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0310
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0310
3
reference_url https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a
reference_id 051d5e20-7fab-4769-bd7d-d986b804bb5a
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:20:16Z/
url https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a
4
reference_url https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142
reference_id 53099a9bcc928f5f6f7cce111c04b79a72a04142
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:20:16Z/
url https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142
5
reference_url https://github.com/advisories/GHSA-9jff-8xmm-mw22
reference_id GHSA-9jff-8xmm-mw22
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jff-8xmm-mw22
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0310, GHSA-9jff-8xmm-mw22
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnfe-xws9-8bgg
43
url VCID-gj1u-m1qq-1qb1
vulnerability_id VCID-gj1u-m1qq-1qb1
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1885
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42223
published_at 2026-06-11T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42388
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1885
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1885
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1885
3
reference_url https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8
reference_id bce84c02-abb2-474f-a67b-1468c9dcabb8
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:30Z/
url https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8
4
reference_url https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024
reference_id fecc803ab9c3e82718c4bcea7fe919d7a22ec024
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:30Z/
url https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024
5
reference_url https://github.com/advisories/GHSA-xxm6-ff3x-v4vm
reference_id GHSA-xxm6-ff3x-v4vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxm6-ff3x-v4vm
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1885, GHSA-xxm6-ff3x-v4vm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1u-m1qq-1qb1
44
url VCID-gnxm-rq5g-g3d9
vulnerability_id VCID-gnxm-rq5g-g3d9
summary Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1887
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54216
published_at 2026-06-12T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.5409
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1887
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1887
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1887
3
reference_url https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
reference_id 400d9cd988d3287515c56b2ad6343026966f1a89
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/
url https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
4
reference_url https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
reference_id e4a58835-96b5-412c-a17e-3ceed30231e1
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/
url https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
5
reference_url https://github.com/advisories/GHSA-gx43-fqrx-6fcw
reference_id GHSA-gx43-fqrx-6fcw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gx43-fqrx-6fcw
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1887, GHSA-gx43-fqrx-6fcw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxm-rq5g-g3d9
45
url VCID-gsjf-hmab-ruew
vulnerability_id VCID-gsjf-hmab-ruew
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0308
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.48099
published_at 2026-06-12T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47959
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0308
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0308
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0308
3
reference_url https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f
reference_id 810ee26d25c3d97664532861863099952f0e9a1f
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:23:14Z/
url https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f
4
reference_url https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69
reference_id 83cfed62-af8b-4aaa-94f2-5a33dc0c2d69
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:23:14Z/
url https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69
5
reference_url https://github.com/advisories/GHSA-w475-749h-c77m
reference_id GHSA-w475-749h-c77m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w475-749h-c77m
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0308, GHSA-w475-749h-c77m
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsjf-hmab-ruew
46
url VCID-gvt4-1vk8-8fbx
vulnerability_id VCID-gvt4-1vk8-8fbx
summary Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1883
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.61073
published_at 2026-06-12T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60967
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1883
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1883
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1883
3
reference_url https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191
reference_id 2f1e417d-cf64-4cfb-954b-3a9cb2f38191
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:04Z/
url https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191
4
reference_url https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503
reference_id db77df888178766987398597d4f153831c62a503
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:04Z/
url https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503
5
reference_url https://github.com/advisories/GHSA-2wjp-w7g7-h63q
reference_id GHSA-2wjp-w7g7-h63q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2wjp-w7g7-h63q
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1883, GHSA-2wjp-w7g7-h63q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvt4-1vk8-8fbx
47
url VCID-h2wj-7wb2-x3hz
vulnerability_id VCID-h2wj-7wb2-x3hz
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3469
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40104
published_at 2026-06-12T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.39935
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3469
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3469
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3469
3
reference_url https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278
reference_id 04a0183c25dd425f4c2bfb5f75b7650b932ae278
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:03:49Z/
url https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278
4
reference_url https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca
reference_id 3565cfc9-82c4-4db8-9b8f-494dd81b56ca
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:03:49Z/
url https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca
5
reference_url https://github.com/advisories/GHSA-v6g2-jwrm-h5r5
reference_id GHSA-v6g2-jwrm-h5r5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6g2-jwrm-h5r5
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2
purl pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-p68j-sbvd-yuh4
17
vulnerability VCID-q6zp-tnjb-pye3
18
vulnerability VCID-qhsm-g24v-k7gj
19
vulnerability VCID-rrz3-kbbd-eyhq
20
vulnerability VCID-tpbv-urbk-h7gf
21
vulnerability VCID-txxg-bugj-6bd4
22
vulnerability VCID-u37t-naar-pbav
23
vulnerability VCID-vjqh-59nn-5ude
24
vulnerability VCID-xt5z-y1n5-37fn
25
vulnerability VCID-yckn-74u4-pkaw
26
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2
aliases CVE-2023-3469, GHSA-v6g2-jwrm-h5r5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2wj-7wb2-x3hz
48
url VCID-h499-pfbv-t7hr
vulnerability_id VCID-h499-pfbv-t7hr
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3766
reference_id
reference_type
scores
0
value 0.2358
scoring_system epss
scoring_elements 0.96117
published_at 2026-06-12T12:55:00Z
1
value 0.2358
scoring_system epss
scoring_elements 0.96106
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3766
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d
reference_id c7904f2236c6c0dd64c2226b90c30af0f7e5a72d
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:09:19Z/
url https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52445.txt
reference_id CVE-2022-3766
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52445.txt
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3766
reference_id CVE-2022-3766
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3766
5
reference_url https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md
reference_id CVE-2022-3766.MD
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md
6
reference_url https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983
reference_id d9666520-4ff5-43bb-aacf-50c8e5570983
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:09:19Z/
url https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983
7
reference_url https://github.com/advisories/GHSA-mg5h-rhjq-6v84
reference_id GHSA-mg5h-rhjq-6v84
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg5h-rhjq-6v84
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.8
purl pkg:composer/thorsten/phpmyfaq@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-569v-kyhm-6bd7
11
vulnerability VCID-57ev-2w6v-mbbs
12
vulnerability VCID-5pw3-qxh6-6ufr
13
vulnerability VCID-5wsg-7979-dqgs
14
vulnerability VCID-6jmj-n5mz-bba8
15
vulnerability VCID-6w5z-nvj8-wke8
16
vulnerability VCID-7tpb-1avq-zfhu
17
vulnerability VCID-8fkr-xfw6-ffcj
18
vulnerability VCID-8hxw-rvte-33a1
19
vulnerability VCID-8k51-budg-h3ak
20
vulnerability VCID-8tff-qn8m-r3hc
21
vulnerability VCID-8vqk-5ha5-4bae
22
vulnerability VCID-9mx6-54u5-fugf
23
vulnerability VCID-ajev-ydxv-nbd5
24
vulnerability VCID-aku3-vveb-gugg
25
vulnerability VCID-ax4d-t793-8bas
26
vulnerability VCID-b214-zgc8-4qdh
27
vulnerability VCID-b4yy-mtkz-hybq
28
vulnerability VCID-b64e-gffa-5kg7
29
vulnerability VCID-bfsb-58cj-mfaa
30
vulnerability VCID-btr7-sehp-zbac
31
vulnerability VCID-c229-su7g-v3dg
32
vulnerability VCID-cjzd-5q9t-nfek
33
vulnerability VCID-cnr9-cykp-bbaw
34
vulnerability VCID-dc77-t7y6-z3ab
35
vulnerability VCID-e4ep-gxfy-jbah
36
vulnerability VCID-e6u1-1y99-5khx
37
vulnerability VCID-ecpv-3xqn-eqf8
38
vulnerability VCID-emzq-e5ru-w3cx
39
vulnerability VCID-fnfe-xws9-8bgg
40
vulnerability VCID-gj1u-m1qq-1qb1
41
vulnerability VCID-gnxm-rq5g-g3d9
42
vulnerability VCID-gsjf-hmab-ruew
43
vulnerability VCID-gvt4-1vk8-8fbx
44
vulnerability VCID-h2wj-7wb2-x3hz
45
vulnerability VCID-hygm-7h9w-x7cs
46
vulnerability VCID-jq9j-su28-xken
47
vulnerability VCID-kfmg-41jk-qfh6
48
vulnerability VCID-kppj-ng9a-9fhs
49
vulnerability VCID-m9y5-g412-zbeh
50
vulnerability VCID-mt7j-r561-tubz
51
vulnerability VCID-naqh-qumg-37gh
52
vulnerability VCID-p68j-sbvd-yuh4
53
vulnerability VCID-pb65-wunz-tye6
54
vulnerability VCID-q6zp-tnjb-pye3
55
vulnerability VCID-qb4k-vsfg-wycb
56
vulnerability VCID-qhsm-g24v-k7gj
57
vulnerability VCID-qpnp-kehq-f7gm
58
vulnerability VCID-qrn1-cpad-puht
59
vulnerability VCID-r24s-k7p3-f7e4
60
vulnerability VCID-rp5d-6b4k-33g5
61
vulnerability VCID-rrh1-efbq-tugt
62
vulnerability VCID-rrz3-kbbd-eyhq
63
vulnerability VCID-spjh-4tvh-gyca
64
vulnerability VCID-tpbv-urbk-h7gf
65
vulnerability VCID-tq9d-mguz-8bhp
66
vulnerability VCID-txxg-bugj-6bd4
67
vulnerability VCID-ty89-v3b2-7yf7
68
vulnerability VCID-u37t-naar-pbav
69
vulnerability VCID-uerm-mjrz-vyg4
70
vulnerability VCID-ufhy-fdmw-hkdv
71
vulnerability VCID-v4hc-w2g2-63f5
72
vulnerability VCID-vjqh-59nn-5ude
73
vulnerability VCID-wcpf-w4c4-ubba
74
vulnerability VCID-x1gz-3d4a-1qdy
75
vulnerability VCID-x4fs-3h7u-4bbe
76
vulnerability VCID-xt5z-y1n5-37fn
77
vulnerability VCID-yckn-74u4-pkaw
78
vulnerability VCID-ygjv-jn67-p3h9
79
vulnerability VCID-yh2p-b5px-b7hz
80
vulnerability VCID-yn5s-m3hv-7be8
81
vulnerability VCID-z4qa-mnne-pyay
82
vulnerability VCID-z8kb-6u51-8bd9
83
vulnerability VCID-zaaf-n1z8-v7b3
84
vulnerability VCID-zr1w-jzzj-a7gd
85
vulnerability VCID-ztw9-5sne-p3e9
86
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8
aliases CVE-2022-3766, GHSA-mg5h-rhjq-6v84
risk_score 10.0
exploitability 2.0
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h499-pfbv-t7hr
49
url VCID-hygm-7h9w-x7cs
vulnerability_id VCID-hygm-7h9w-x7cs
summary Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1762
reference_id
reference_type
scores
0
value 0.0036
scoring_system epss
scoring_elements 0.58691
published_at 2026-06-12T12:55:00Z
1
value 0.0036
scoring_system epss
scoring_elements 0.58579
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1762
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1762
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1762
3
reference_url https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a
reference_id 3c2374cc-7082-44b7-a6a6-ccff7a650a3a
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:00:40Z/
url https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a
4
reference_url https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514
reference_id ae6c1d8c3eab05d6e2227c7a9998707f4f891514
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:00:40Z/
url https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514
5
reference_url https://github.com/advisories/GHSA-xww4-w6ff-5q3g
reference_id GHSA-xww4-w6ff-5q3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xww4-w6ff-5q3g
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1762, GHSA-xww4-w6ff-5q3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hygm-7h9w-x7cs
50
url VCID-jq9j-su28-xken
vulnerability_id VCID-jq9j-su28-xken
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0791
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56298
published_at 2026-06-12T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56178
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0791
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0791
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0791
4
reference_url https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce
reference_id 26663efcb0b67e421e4ecccad8f19e7106bb03ce
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:48:30Z/
url https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce
5
reference_url https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d
reference_id 7152b340-c6f3-4ac8-9f62-f764a267488d
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:48:30Z/
url https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d
6
reference_url https://github.com/advisories/GHSA-c38p-vw6j-qjpr
reference_id GHSA-c38p-vw6j-qjpr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c38p-vw6j-qjpr
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0791, GHSA-c38p-vw6j-qjpr
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9j-su28-xken
51
url VCID-kfmg-41jk-qfh6
vulnerability_id VCID-kfmg-41jk-qfh6
summary Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1755
reference_id
reference_type
scores
0
value 0.00435
scoring_system epss
scoring_elements 0.63478
published_at 2026-06-12T12:55:00Z
1
value 0.00435
scoring_system epss
scoring_elements 0.63376
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1755
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1755
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1755
3
reference_url https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994
reference_id 2156573100fd3abf4c65270def77aed20ffc8994
reference_type
scores
0
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:59:13Z/
url https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994
4
reference_url https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a
reference_id 882ffa07-5397-4dbb-886f-4626859d711a
reference_type
scores
0
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:59:13Z/
url https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a
5
reference_url https://github.com/advisories/GHSA-hp8m-g55r-9cfq
reference_id GHSA-hp8m-g55r-9cfq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hp8m-g55r-9cfq
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1755, GHSA-hp8m-g55r-9cfq
risk_score 3.8
exploitability 0.5
weighted_severity 7.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfmg-41jk-qfh6
52
url VCID-kppj-ng9a-9fhs
vulnerability_id VCID-kppj-ng9a-9fhs
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6889
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29793
published_at 2026-06-11T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29991
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6889
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392
3
reference_url https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6889
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6889
5
reference_url https://github.com/advisories/GHSA-w8xj-992g-842f
reference_id GHSA-w8xj-992g-842f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8xj-992g-842f
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.17
purl pkg:composer/thorsten/phpmyfaq@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-9mx6-54u5-fugf
14
vulnerability VCID-b64e-gffa-5kg7
15
vulnerability VCID-e4ep-gxfy-jbah
16
vulnerability VCID-ecpv-3xqn-eqf8
17
vulnerability VCID-emzq-e5ru-w3cx
18
vulnerability VCID-p68j-sbvd-yuh4
19
vulnerability VCID-q6zp-tnjb-pye3
20
vulnerability VCID-qhsm-g24v-k7gj
21
vulnerability VCID-rrz3-kbbd-eyhq
22
vulnerability VCID-tpbv-urbk-h7gf
23
vulnerability VCID-txxg-bugj-6bd4
24
vulnerability VCID-u37t-naar-pbav
25
vulnerability VCID-uerm-mjrz-vyg4
26
vulnerability VCID-ufhy-fdmw-hkdv
27
vulnerability VCID-vjqh-59nn-5ude
28
vulnerability VCID-xt5z-y1n5-37fn
29
vulnerability VCID-yckn-74u4-pkaw
30
vulnerability VCID-z8kb-6u51-8bd9
31
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.17
aliases CVE-2023-6889, GHSA-w8xj-992g-842f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kppj-ng9a-9fhs
53
url VCID-m9y5-g412-zbeh
vulnerability_id VCID-m9y5-g412-zbeh
summary Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0307
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.74423
published_at 2026-06-11T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.74496
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0307
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0307
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0307
3
reference_url https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596
reference_id 8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:25:12Z/
url https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596
4
reference_url https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215
reference_id fac01e9f-e3e5-4985-94ad-59a76485f215
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:25:12Z/
url https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215
5
reference_url https://github.com/advisories/GHSA-4p88-cfhq-f3vg
reference_id GHSA-4p88-cfhq-f3vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p88-cfhq-f3vg
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0307, GHSA-4p88-cfhq-f3vg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9y5-g412-zbeh
54
url VCID-mt7j-r561-tubz
vulnerability_id VCID-mt7j-r561-tubz
summary Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0311
reference_id
reference_type
scores
0
value 0.01393
scoring_system epss
scoring_elements 0.80853
published_at 2026-06-12T12:55:00Z
1
value 0.01393
scoring_system epss
scoring_elements 0.80793
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0311
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0311
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0311
3
reference_url https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857
reference_id 82b0b629-c56b-4651-af3f-17f749751857
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:18:50Z/
url https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857
4
reference_url https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214
reference_id fe6e9f02ef1b26a03134b9becda12687ee5f3214
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:18:50Z/
url https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214
5
reference_url https://github.com/advisories/GHSA-g92r-9rxw-cmgx
reference_id GHSA-g92r-9rxw-cmgx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g92r-9rxw-cmgx
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0311, GHSA-g92r-9rxw-cmgx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt7j-r561-tubz
55
url VCID-naqh-qumg-37gh
vulnerability_id VCID-naqh-qumg-37gh
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2428
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37936
published_at 2026-06-12T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2428
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2428
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2428
4
reference_url https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab
reference_id 0a4980d870bac92df945f6d022726c4e3ed584ab
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:58:27Z/
url https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab
5
reference_url https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e
reference_id cee65b6d-b003-4e6a-9d14-89aa94bee43e
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:58:27Z/
url https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e
6
reference_url https://github.com/advisories/GHSA-8595-6653-96p2
reference_id GHSA-8595-6653-96p2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8595-6653-96p2
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.13
purl pkg:composer/thorsten/phpmyfaq@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-8vqk-5ha5-4bae
14
vulnerability VCID-9mx6-54u5-fugf
15
vulnerability VCID-b64e-gffa-5kg7
16
vulnerability VCID-e4ep-gxfy-jbah
17
vulnerability VCID-ecpv-3xqn-eqf8
18
vulnerability VCID-emzq-e5ru-w3cx
19
vulnerability VCID-h2wj-7wb2-x3hz
20
vulnerability VCID-kppj-ng9a-9fhs
21
vulnerability VCID-p68j-sbvd-yuh4
22
vulnerability VCID-pb65-wunz-tye6
23
vulnerability VCID-q6zp-tnjb-pye3
24
vulnerability VCID-qhsm-g24v-k7gj
25
vulnerability VCID-rp5d-6b4k-33g5
26
vulnerability VCID-rrz3-kbbd-eyhq
27
vulnerability VCID-tpbv-urbk-h7gf
28
vulnerability VCID-txxg-bugj-6bd4
29
vulnerability VCID-u37t-naar-pbav
30
vulnerability VCID-uerm-mjrz-vyg4
31
vulnerability VCID-ufhy-fdmw-hkdv
32
vulnerability VCID-vjqh-59nn-5ude
33
vulnerability VCID-wcpf-w4c4-ubba
34
vulnerability VCID-x1gz-3d4a-1qdy
35
vulnerability VCID-xt5z-y1n5-37fn
36
vulnerability VCID-yckn-74u4-pkaw
37
vulnerability VCID-yn5s-m3hv-7be8
38
vulnerability VCID-z4qa-mnne-pyay
39
vulnerability VCID-z8kb-6u51-8bd9
40
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13
aliases CVE-2023-2428, GHSA-8595-6653-96p2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-naqh-qumg-37gh
56
url VCID-p68j-sbvd-yuh4
vulnerability_id VCID-p68j-sbvd-yuh4
summary phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24422
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06201
published_at 2026-06-11T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06222
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24422
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24422
reference_id CVE-2026-24422
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24422
3
reference_url https://github.com/advisories/GHSA-j4rc-96xj-gvqc
reference_id GHSA-j4rc-96xj-gvqc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j4rc-96xj-gvqc
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc
reference_id GHSA-j4rc-96xj-gvqc
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.17
purl pkg:composer/thorsten/phpmyfaq@4.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17
1
url pkg:composer/thorsten/phpmyfaq@4.1.0-RC
purl pkg:composer/thorsten/phpmyfaq@4.1.0-RC
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-5pw3-qxh6-6ufr
2
vulnerability VCID-7tpb-1avq-zfhu
3
vulnerability VCID-8k51-budg-h3ak
4
vulnerability VCID-9mx6-54u5-fugf
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-q6zp-tnjb-pye3
7
vulnerability VCID-qhsm-g24v-k7gj
8
vulnerability VCID-rrz3-kbbd-eyhq
9
vulnerability VCID-tpbv-urbk-h7gf
10
vulnerability VCID-txxg-bugj-6bd4
11
vulnerability VCID-vjqh-59nn-5ude
12
vulnerability VCID-yckn-74u4-pkaw
13
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC
aliases CVE-2026-24422, GHSA-j4rc-96xj-gvqc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4
57
url VCID-pb65-wunz-tye6
vulnerability_id VCID-pb65-wunz-tye6
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2999
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58797
published_at 2026-06-12T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58685
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2999
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2999
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2999
3
reference_url https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620
reference_id 4d89c7cc-fb4c-4b64-9b67-f0189f70a620
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:25:48Z/
url https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620
4
reference_url https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd
reference_id 937913948cab382a38f681e0bd29c152e2f383cd
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:25:48Z/
url https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd
5
reference_url https://github.com/advisories/GHSA-94r7-63g8-c4jw
reference_id GHSA-94r7-63g8-c4jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94r7-63g8-c4jw
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.14
purl pkg:composer/thorsten/phpmyfaq@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-9mx6-54u5-fugf
14
vulnerability VCID-b64e-gffa-5kg7
15
vulnerability VCID-e4ep-gxfy-jbah
16
vulnerability VCID-ecpv-3xqn-eqf8
17
vulnerability VCID-emzq-e5ru-w3cx
18
vulnerability VCID-h2wj-7wb2-x3hz
19
vulnerability VCID-kppj-ng9a-9fhs
20
vulnerability VCID-p68j-sbvd-yuh4
21
vulnerability VCID-q6zp-tnjb-pye3
22
vulnerability VCID-qhsm-g24v-k7gj
23
vulnerability VCID-rp5d-6b4k-33g5
24
vulnerability VCID-rrz3-kbbd-eyhq
25
vulnerability VCID-tpbv-urbk-h7gf
26
vulnerability VCID-txxg-bugj-6bd4
27
vulnerability VCID-u37t-naar-pbav
28
vulnerability VCID-uerm-mjrz-vyg4
29
vulnerability VCID-ufhy-fdmw-hkdv
30
vulnerability VCID-vjqh-59nn-5ude
31
vulnerability VCID-x1gz-3d4a-1qdy
32
vulnerability VCID-xt5z-y1n5-37fn
33
vulnerability VCID-yckn-74u4-pkaw
34
vulnerability VCID-z4qa-mnne-pyay
35
vulnerability VCID-z8kb-6u51-8bd9
36
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.14
aliases CVE-2023-2999, GHSA-94r7-63g8-c4jw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb65-wunz-tye6
58
url VCID-q6zp-tnjb-pye3
vulnerability_id VCID-q6zp-tnjb-pye3
summary phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34973
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29577
published_at 2026-06-11T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29774
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34973
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34973
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34973
3
reference_url https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1
reference_id 4.1.1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/
url https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1
4
reference_url https://github.com/advisories/GHSA-gcp9-5jc8-976x
reference_id GHSA-gcp9-5jc8-976x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gcp9-5jc8-976x
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x
reference_id GHSA-gcp9-5jc8-976x
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.1
purl pkg:composer/thorsten/phpmyfaq@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-426v-vz22-nqem
2
vulnerability VCID-5pw3-qxh6-6ufr
3
vulnerability VCID-7tpb-1avq-zfhu
4
vulnerability VCID-8k51-budg-h3ak
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-n3tn-cpf3-5qe2
7
vulnerability VCID-rrz3-kbbd-eyhq
8
vulnerability VCID-tpbv-urbk-h7gf
9
vulnerability VCID-txxg-bugj-6bd4
10
vulnerability VCID-vjqh-59nn-5ude
11
vulnerability VCID-yckn-74u4-pkaw
12
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1
aliases CVE-2026-34973, GHSA-gcp9-5jc8-976x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zp-tnjb-pye3
59
url VCID-qb4k-vsfg-wycb
vulnerability_id VCID-qb4k-vsfg-wycb
summary Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0788
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.61105
published_at 2026-06-12T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60999
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0788
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0788
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0788
4
reference_url https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039
reference_id 77b42b9d0be3990ee7389207a71528b304b03039
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:51:00Z/
url https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039
5
reference_url https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61
reference_id 808d5452-607c-4af1-812f-26c49faf3e61
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:51:00Z/
url https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61
6
reference_url https://github.com/advisories/GHSA-r6cw-356h-mvwg
reference_id GHSA-r6cw-356h-mvwg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6cw-356h-mvwg
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0788, GHSA-r6cw-356h-mvwg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4k-vsfg-wycb
60
url VCID-qhsm-g24v-k7gj
vulnerability_id VCID-qhsm-g24v-k7gj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32629
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41566
published_at 2026-06-11T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41732
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32629
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32629
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32629
4
reference_url https://github.com/advisories/GHSA-98gw-w575-h2ph
reference_id GHSA-98gw-w575-h2ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98gw-w575-h2ph
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.1
purl pkg:composer/thorsten/phpmyfaq@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-426v-vz22-nqem
2
vulnerability VCID-5pw3-qxh6-6ufr
3
vulnerability VCID-7tpb-1avq-zfhu
4
vulnerability VCID-8k51-budg-h3ak
5
vulnerability VCID-ecpv-3xqn-eqf8
6
vulnerability VCID-n3tn-cpf3-5qe2
7
vulnerability VCID-rrz3-kbbd-eyhq
8
vulnerability VCID-tpbv-urbk-h7gf
9
vulnerability VCID-txxg-bugj-6bd4
10
vulnerability VCID-vjqh-59nn-5ude
11
vulnerability VCID-yckn-74u4-pkaw
12
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1
aliases CVE-2026-32629, GHSA-98gw-w575-h2ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj
61
url VCID-qpnp-kehq-f7gm
vulnerability_id VCID-qpnp-kehq-f7gm
summary Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1884
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55621
published_at 2026-06-12T12:55:00Z
1
value 0.00321
scoring_system epss
scoring_elements 0.55501
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1884
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1884
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1884
3
reference_url https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611
reference_id 7f0f921de74c88038826c46bbd2a123518d9d611
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:48:00Z/
url https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611
4
reference_url https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e
reference_id dda73cb6-9344-4822-97a1-2e31efb6a73e
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:48:00Z/
url https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e
5
reference_url https://github.com/advisories/GHSA-gmjj-g2rm-xwm7
reference_id GHSA-gmjj-g2rm-xwm7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmjj-g2rm-xwm7
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1884, GHSA-gmjj-g2rm-xwm7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnp-kehq-f7gm
62
url VCID-qrn1-cpad-puht
vulnerability_id VCID-qrn1-cpad-puht
summary Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0790
reference_id
reference_type
scores
0
value 0.00417
scoring_system epss
scoring_elements 0.62294
published_at 2026-06-12T12:55:00Z
1
value 0.00417
scoring_system epss
scoring_elements 0.62192
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0790
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0790
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0790
3
reference_url https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156
reference_id 06af150b-b481-4248-9a48-56ded2814156
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:49:20Z/
url https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156
4
reference_url https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e
reference_id f34d84dfe551ecdd675916e45cc0606e04a0734e
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:49:20Z/
url https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e
5
reference_url https://github.com/advisories/GHSA-6vv4-qq3r-9rv8
reference_id GHSA-6vv4-qq3r-9rv8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vv4-qq3r-9rv8
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0790, GHSA-6vv4-qq3r-9rv8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrn1-cpad-puht
63
url VCID-r24s-k7p3-f7e4
vulnerability_id VCID-r24s-k7p3-f7e4
summary Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0792
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.60265
published_at 2026-06-12T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.60158
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0792
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0792
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0792
3
reference_url https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f
reference_id 9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:47:46Z/
url https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f
4
reference_url https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1
reference_id d8964568d69488de02f0a0a58acc822eeb5c3cb1
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:47:46Z/
url https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1
5
reference_url https://github.com/advisories/GHSA-wjrj-jc3w-ppfw
reference_id GHSA-wjrj-jc3w-ppfw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjrj-jc3w-ppfw
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0792, GHSA-wjrj-jc3w-ppfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r24s-k7p3-f7e4
64
url VCID-rp5d-6b4k-33g5
vulnerability_id VCID-rp5d-6b4k-33g5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4006
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34239
published_at 2026-06-11T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34418
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4006
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22
3
reference_url https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4006
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4006
5
reference_url https://github.com/advisories/GHSA-2xvx-368h-qcmv
reference_id GHSA-2xvx-368h-qcmv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xvx-368h-qcmv
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.16
purl pkg:composer/thorsten/phpmyfaq@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-9mx6-54u5-fugf
14
vulnerability VCID-b64e-gffa-5kg7
15
vulnerability VCID-e4ep-gxfy-jbah
16
vulnerability VCID-ecpv-3xqn-eqf8
17
vulnerability VCID-emzq-e5ru-w3cx
18
vulnerability VCID-kppj-ng9a-9fhs
19
vulnerability VCID-p68j-sbvd-yuh4
20
vulnerability VCID-q6zp-tnjb-pye3
21
vulnerability VCID-qhsm-g24v-k7gj
22
vulnerability VCID-rrz3-kbbd-eyhq
23
vulnerability VCID-tpbv-urbk-h7gf
24
vulnerability VCID-txxg-bugj-6bd4
25
vulnerability VCID-u37t-naar-pbav
26
vulnerability VCID-uerm-mjrz-vyg4
27
vulnerability VCID-ufhy-fdmw-hkdv
28
vulnerability VCID-vjqh-59nn-5ude
29
vulnerability VCID-xt5z-y1n5-37fn
30
vulnerability VCID-yckn-74u4-pkaw
31
vulnerability VCID-z4qa-mnne-pyay
32
vulnerability VCID-z8kb-6u51-8bd9
33
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.16
aliases CVE-2023-4006, GHSA-2xvx-368h-qcmv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5d-6b4k-33g5
65
url VCID-rrh1-efbq-tugt
vulnerability_id VCID-rrh1-efbq-tugt
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1880
reference_id
reference_type
scores
0
value 0.14326
scoring_system epss
scoring_elements 0.94581
published_at 2026-06-12T12:55:00Z
1
value 0.14326
scoring_system epss
scoring_elements 0.94563
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1880
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1880
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1880
3
reference_url https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d
reference_id bbc5d4aa4a4375c14e34dd9fcad2042066fe476d
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T19:50:31Z/
url https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d
4
reference_url https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e
reference_id ece5f051-674e-4919-b998-594714910f9e
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T19:50:31Z/
url https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e
5
reference_url https://github.com/advisories/GHSA-m8q9-7v2f-qjx9
reference_id GHSA-m8q9-7v2f-qjx9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8q9-7v2f-qjx9
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1880, GHSA-m8q9-7v2f-qjx9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrh1-efbq-tugt
66
url VCID-rrz3-kbbd-eyhq
vulnerability_id VCID-rrz3-kbbd-eyhq
summary phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45010
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41063
published_at 2026-06-11T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41229
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45010
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45010
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45010
3
reference_url https://github.com/advisories/GHSA-9pq7-mfwh-xx2j
reference_id GHSA-9pq7-mfwh-xx2j
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pq7-mfwh-xx2j
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j
reference_id GHSA-9pq7-mfwh-xx2j
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint
reference_id phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/
url https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-45010, GHSA-9pq7-mfwh-xx2j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq
67
url VCID-spjh-4tvh-gyca
vulnerability_id VCID-spjh-4tvh-gyca
summary Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1754
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54224
published_at 2026-06-12T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54099
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1754
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1754
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1754
3
reference_url https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28
reference_id 529f2361-eb2e-476f-b7ef-4e561a712e28
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:19Z/
url https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28
4
reference_url https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491
reference_id d773df925cb74e874527458beed1f66f966ec491
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:19Z/
url https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491
5
reference_url https://github.com/advisories/GHSA-gvg8-r8w2-9gfj
reference_id GHSA-gvg8-r8w2-9gfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvg8-r8w2-9gfj
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1754, GHSA-gvg8-r8w2-9gfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-spjh-4tvh-gyca
68
url VCID-tpbv-urbk-h7gf
vulnerability_id VCID-tpbv-urbk-h7gf
summary phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46359
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10098
published_at 2026-06-11T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10145
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46359
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46359
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46359
3
reference_url https://github.com/advisories/GHSA-pm8c-3qq3-72w7
reference_id GHSA-pm8c-3qq3-72w7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pm8c-3qq3-72w7
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7
reference_id GHSA-pm8c-3qq3-72w7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields
reference_id phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/
url https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46359, GHSA-pm8c-3qq3-72w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf
69
url VCID-tq9d-mguz-8bhp
vulnerability_id VCID-tq9d-mguz-8bhp
summary Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1753
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52628
published_at 2026-06-11T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52756
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1753
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1753
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1753
3
reference_url https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b
reference_id 01d6ae23-3a8f-42a8-99f4-10246187d71b
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:53Z/
url https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b
4
reference_url https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5
reference_id f612a72494080e04947da7028340fee4493fe8a5
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:53Z/
url https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5
5
reference_url https://github.com/advisories/GHSA-4p4m-5qp7-479x
reference_id GHSA-4p4m-5qp7-479x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p4m-5qp7-479x
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1753, GHSA-4p4m-5qp7-479x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tq9d-mguz-8bhp
70
url VCID-txxg-bugj-6bd4
vulnerability_id VCID-txxg-bugj-6bd4
summary phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45008
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.1536
published_at 2026-06-11T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15496
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45008
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45008
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45008
3
reference_url https://github.com/advisories/GHSA-gh9p-q46p-57g2
reference_id GHSA-gh9p-q46p-57g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gh9p-q46p-57g2
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2
reference_id GHSA-gh9p-q46p-57g2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter
reference_id phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/
url https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-45008, GHSA-gh9p-q46p-57g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4
71
url VCID-ty89-v3b2-7yf7
vulnerability_id VCID-ty89-v3b2-7yf7
summary Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0793
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.48324
published_at 2026-06-12T12:55:00Z
1
value 0.00246
scoring_system epss
scoring_elements 0.48186
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0793
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0793
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0793
3
reference_url https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547
reference_id 00c04093c671607ee06cdfd670070809460f9547
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:46:24Z/
url https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547
4
reference_url https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9
reference_id b3881a1f-2f1e-45cb-86f3-735f66e660e9
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:46:24Z/
url https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9
5
reference_url https://github.com/advisories/GHSA-fxrq-xhj9-rf5j
reference_id GHSA-fxrq-xhj9-rf5j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxrq-xhj9-rf5j
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0793, GHSA-fxrq-xhj9-rf5j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty89-v3b2-7yf7
72
url VCID-u37t-naar-pbav
vulnerability_id VCID-u37t-naar-pbav
summary phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69200
reference_id
reference_type
scores
0
value 0.02669
scoring_system epss
scoring_elements 0.86186
published_at 2026-06-12T12:55:00Z
1
value 0.02669
scoring_system epss
scoring_elements 0.86136
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69200
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a
reference_id b0e99ee3695152115841cb546d8dce64ceb8c29a
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/
url https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69200
reference_id CVE-2025-69200
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69200
4
reference_url https://github.com/advisories/GHSA-9cg9-4h4f-j6fg
reference_id GHSA-9cg9-4h4f-j6fg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9cg9-4h4f-j6fg
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg
reference_id GHSA-9cg9-4h4f-j6fg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.0.16
purl pkg:composer/thorsten/phpmyfaq@4.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-57ev-2w6v-mbbs
2
vulnerability VCID-5pw3-qxh6-6ufr
3
vulnerability VCID-6jmj-n5mz-bba8
4
vulnerability VCID-7tpb-1avq-zfhu
5
vulnerability VCID-8k51-budg-h3ak
6
vulnerability VCID-9mx6-54u5-fugf
7
vulnerability VCID-ecpv-3xqn-eqf8
8
vulnerability VCID-emzq-e5ru-w3cx
9
vulnerability VCID-p68j-sbvd-yuh4
10
vulnerability VCID-q6zp-tnjb-pye3
11
vulnerability VCID-qhsm-g24v-k7gj
12
vulnerability VCID-rrz3-kbbd-eyhq
13
vulnerability VCID-tpbv-urbk-h7gf
14
vulnerability VCID-txxg-bugj-6bd4
15
vulnerability VCID-vjqh-59nn-5ude
16
vulnerability VCID-yckn-74u4-pkaw
17
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.16
aliases CVE-2025-69200, GHSA-9cg9-4h4f-j6fg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u37t-naar-pbav
73
url VCID-uerm-mjrz-vyg4
vulnerability_id VCID-uerm-mjrz-vyg4
summary Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5227
reference_id
reference_type
scores
0
value 0.00405
scoring_system epss
scoring_elements 0.61551
published_at 2026-06-12T12:55:00Z
1
value 0.00405
scoring_system epss
scoring_elements 0.61447
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5227
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5227
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5227
3
reference_url https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8
reference_id a335c013-db75-4120-872c-42059c7100e8
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:11:37Z/
url https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8
4
reference_url https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297
reference_id abf52487422ce47195c8a80bd904a7af39f60297
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:11:37Z/
url https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297
5
reference_url https://github.com/advisories/GHSA-qcjg-hvg6-hxcp
reference_id GHSA-qcjg-hvg6-hxcp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcjg-hvg6-hxcp
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.18
purl pkg:composer/thorsten/phpmyfaq@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-p68j-sbvd-yuh4
17
vulnerability VCID-q6zp-tnjb-pye3
18
vulnerability VCID-qhsm-g24v-k7gj
19
vulnerability VCID-rrz3-kbbd-eyhq
20
vulnerability VCID-tpbv-urbk-h7gf
21
vulnerability VCID-txxg-bugj-6bd4
22
vulnerability VCID-u37t-naar-pbav
23
vulnerability VCID-vjqh-59nn-5ude
24
vulnerability VCID-xt5z-y1n5-37fn
25
vulnerability VCID-yckn-74u4-pkaw
26
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18
aliases CVE-2023-5227, GHSA-qcjg-hvg6-hxcp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uerm-mjrz-vyg4
74
url VCID-ufhy-fdmw-hkdv
vulnerability_id VCID-ufhy-fdmw-hkdv
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5319
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27233
published_at 2026-06-12T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27028
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5319
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5319
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5319
3
reference_url https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131
reference_id 95ed9b20557ed930d4eed1f3a6db713416f31131
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:08:29Z/
url https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131
4
reference_url https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d
reference_id e2542cbe-41ab-4a90-b6a4-191884c1834d
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:08:29Z/
url https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d
5
reference_url https://github.com/advisories/GHSA-j5ww-5xf4-hqm2
reference_id GHSA-j5ww-5xf4-hqm2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5ww-5xf4-hqm2
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.18
purl pkg:composer/thorsten/phpmyfaq@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-p68j-sbvd-yuh4
17
vulnerability VCID-q6zp-tnjb-pye3
18
vulnerability VCID-qhsm-g24v-k7gj
19
vulnerability VCID-rrz3-kbbd-eyhq
20
vulnerability VCID-tpbv-urbk-h7gf
21
vulnerability VCID-txxg-bugj-6bd4
22
vulnerability VCID-u37t-naar-pbav
23
vulnerability VCID-vjqh-59nn-5ude
24
vulnerability VCID-xt5z-y1n5-37fn
25
vulnerability VCID-yckn-74u4-pkaw
26
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18
aliases CVE-2023-5319, GHSA-j5ww-5xf4-hqm2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhy-fdmw-hkdv
75
url VCID-v4hc-w2g2-63f5
vulnerability_id VCID-v4hc-w2g2-63f5
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0306
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61855
published_at 2026-06-12T12:55:00Z
1
value 0.0041
scoring_system epss
scoring_elements 0.61754
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0306
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0306
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0306
3
reference_url https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5
reference_id 1815daef61c432bb73b9dca43f03d140c94ef0c5
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:46:25Z/
url https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5
4
reference_url https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde
reference_id cbba22f0-89ed-4d01-81ea-744979c8cbde
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:46:25Z/
url https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde
5
reference_url https://github.com/advisories/GHSA-96x6-jf5w-84c5
reference_id GHSA-96x6-jf5w-84c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-96x6-jf5w-84c5
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0306, GHSA-96x6-jf5w-84c5
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4hc-w2g2-63f5
76
url VCID-vjqh-59nn-5ude
vulnerability_id VCID-vjqh-59nn-5ude
summary phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46363
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08901
published_at 2026-06-11T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08945
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46363
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46363
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46363
3
reference_url https://github.com/advisories/GHSA-f5p7-2c9q-8896
reference_id GHSA-f5p7-2c9q-8896
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5p7-2c9q-8896
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896
reference_id GHSA-f5p7-2c9q-8896
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass
reference_id phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/
url https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46363, GHSA-f5p7-2c9q-8896
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude
77
url VCID-wcpf-w4c4-ubba
vulnerability_id VCID-wcpf-w4c4-ubba
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2752
reference_id
reference_type
scores
0
value 0.0052
scoring_system epss
scoring_elements 0.67347
published_at 2026-06-12T12:55:00Z
1
value 0.0052
scoring_system epss
scoring_elements 0.67255
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2752
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2752
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2752
3
reference_url https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8
reference_id e7599d49b0ece7ceef3a4e8d334782cc3df98be8
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T17:21:16Z/
url https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8
4
reference_url https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4
reference_id efdf5b24-6d30-4d57-a5b0-13b253ba3ea4
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T17:21:16Z/
url https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4
5
reference_url https://github.com/advisories/GHSA-j657-pjgc-c4h6
reference_id GHSA-j657-pjgc-c4h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j657-pjgc-c4h6
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.0-beta
purl pkg:composer/thorsten/phpmyfaq@3.2.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-h2wj-7wb2-x3hz
17
vulnerability VCID-p68j-sbvd-yuh4
18
vulnerability VCID-q6zp-tnjb-pye3
19
vulnerability VCID-qhsm-g24v-k7gj
20
vulnerability VCID-rrz3-kbbd-eyhq
21
vulnerability VCID-tpbv-urbk-h7gf
22
vulnerability VCID-txxg-bugj-6bd4
23
vulnerability VCID-u37t-naar-pbav
24
vulnerability VCID-vjqh-59nn-5ude
25
vulnerability VCID-xt5z-y1n5-37fn
26
vulnerability VCID-yckn-74u4-pkaw
27
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta
aliases CVE-2023-2752, GHSA-j657-pjgc-c4h6
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcpf-w4c4-ubba
78
url VCID-x1gz-3d4a-1qdy
vulnerability_id VCID-x1gz-3d4a-1qdy
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4007
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31406
published_at 2026-06-12T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31213
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4007
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4007
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4007
3
reference_url https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e
reference_id 40eb9685198128908e83c2bef4c228751fd43a0e
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-11T18:40:36Z/
url https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e
4
reference_url https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea
reference_id e891dcbc-2092-49d3-9518-23e37187a5ea
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-11T18:40:36Z/
url https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea
5
reference_url https://github.com/advisories/GHSA-q9vm-29ph-p7mp
reference_id GHSA-q9vm-29ph-p7mp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q9vm-29ph-p7mp
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.16
purl pkg:composer/thorsten/phpmyfaq@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-9mx6-54u5-fugf
14
vulnerability VCID-b64e-gffa-5kg7
15
vulnerability VCID-e4ep-gxfy-jbah
16
vulnerability VCID-ecpv-3xqn-eqf8
17
vulnerability VCID-emzq-e5ru-w3cx
18
vulnerability VCID-kppj-ng9a-9fhs
19
vulnerability VCID-p68j-sbvd-yuh4
20
vulnerability VCID-q6zp-tnjb-pye3
21
vulnerability VCID-qhsm-g24v-k7gj
22
vulnerability VCID-rrz3-kbbd-eyhq
23
vulnerability VCID-tpbv-urbk-h7gf
24
vulnerability VCID-txxg-bugj-6bd4
25
vulnerability VCID-u37t-naar-pbav
26
vulnerability VCID-uerm-mjrz-vyg4
27
vulnerability VCID-ufhy-fdmw-hkdv
28
vulnerability VCID-vjqh-59nn-5ude
29
vulnerability VCID-xt5z-y1n5-37fn
30
vulnerability VCID-yckn-74u4-pkaw
31
vulnerability VCID-z4qa-mnne-pyay
32
vulnerability VCID-z8kb-6u51-8bd9
33
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.16
aliases CVE-2023-4007, GHSA-q9vm-29ph-p7mp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1gz-3d4a-1qdy
79
url VCID-x4fs-3h7u-4bbe
vulnerability_id VCID-x4fs-3h7u-4bbe
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0313
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49896
published_at 2026-06-12T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0313
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0313
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0313
3
reference_url https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b
reference_id 1123c0872314fa68d7d0d8136939f62270fb4b7b
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:15:37Z/
url https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b
4
reference_url https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256
reference_id bc27e84b-1f91-4e1b-a78c-944edeba8256
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:15:37Z/
url https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256
5
reference_url https://github.com/advisories/GHSA-x2h8-4mhh-5hwh
reference_id GHSA-x2h8-4mhh-5hwh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2h8-4mhh-5hwh
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.10
purl pkg:composer/thorsten/phpmyfaq@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8k51-budg-h3ak
18
vulnerability VCID-8tff-qn8m-r3hc
19
vulnerability VCID-8vqk-5ha5-4bae
20
vulnerability VCID-9mx6-54u5-fugf
21
vulnerability VCID-ajev-ydxv-nbd5
22
vulnerability VCID-aku3-vveb-gugg
23
vulnerability VCID-ax4d-t793-8bas
24
vulnerability VCID-b214-zgc8-4qdh
25
vulnerability VCID-b4yy-mtkz-hybq
26
vulnerability VCID-b64e-gffa-5kg7
27
vulnerability VCID-bfsb-58cj-mfaa
28
vulnerability VCID-c229-su7g-v3dg
29
vulnerability VCID-cjzd-5q9t-nfek
30
vulnerability VCID-cnr9-cykp-bbaw
31
vulnerability VCID-e4ep-gxfy-jbah
32
vulnerability VCID-e6u1-1y99-5khx
33
vulnerability VCID-ecpv-3xqn-eqf8
34
vulnerability VCID-emzq-e5ru-w3cx
35
vulnerability VCID-gj1u-m1qq-1qb1
36
vulnerability VCID-gnxm-rq5g-g3d9
37
vulnerability VCID-gvt4-1vk8-8fbx
38
vulnerability VCID-h2wj-7wb2-x3hz
39
vulnerability VCID-hygm-7h9w-x7cs
40
vulnerability VCID-jq9j-su28-xken
41
vulnerability VCID-kfmg-41jk-qfh6
42
vulnerability VCID-kppj-ng9a-9fhs
43
vulnerability VCID-naqh-qumg-37gh
44
vulnerability VCID-p68j-sbvd-yuh4
45
vulnerability VCID-pb65-wunz-tye6
46
vulnerability VCID-q6zp-tnjb-pye3
47
vulnerability VCID-qb4k-vsfg-wycb
48
vulnerability VCID-qhsm-g24v-k7gj
49
vulnerability VCID-qpnp-kehq-f7gm
50
vulnerability VCID-qrn1-cpad-puht
51
vulnerability VCID-r24s-k7p3-f7e4
52
vulnerability VCID-rp5d-6b4k-33g5
53
vulnerability VCID-rrh1-efbq-tugt
54
vulnerability VCID-rrz3-kbbd-eyhq
55
vulnerability VCID-spjh-4tvh-gyca
56
vulnerability VCID-tpbv-urbk-h7gf
57
vulnerability VCID-tq9d-mguz-8bhp
58
vulnerability VCID-txxg-bugj-6bd4
59
vulnerability VCID-ty89-v3b2-7yf7
60
vulnerability VCID-u37t-naar-pbav
61
vulnerability VCID-uerm-mjrz-vyg4
62
vulnerability VCID-ufhy-fdmw-hkdv
63
vulnerability VCID-vjqh-59nn-5ude
64
vulnerability VCID-wcpf-w4c4-ubba
65
vulnerability VCID-x1gz-3d4a-1qdy
66
vulnerability VCID-xt5z-y1n5-37fn
67
vulnerability VCID-yckn-74u4-pkaw
68
vulnerability VCID-yh2p-b5px-b7hz
69
vulnerability VCID-yn5s-m3hv-7be8
70
vulnerability VCID-z4qa-mnne-pyay
71
vulnerability VCID-z8kb-6u51-8bd9
72
vulnerability VCID-zaaf-n1z8-v7b3
73
vulnerability VCID-zr1w-jzzj-a7gd
74
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10
aliases CVE-2023-0313, GHSA-x2h8-4mhh-5hwh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4fs-3h7u-4bbe
80
url VCID-xt5z-y1n5-37fn
vulnerability_id VCID-xt5z-y1n5-37fn
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5863
reference_id
reference_type
scores
0
value 0.06224
scoring_system epss
scoring_elements 0.91113
published_at 2026-06-12T12:55:00Z
1
value 0.06224
scoring_system epss
scoring_elements 0.91082
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5863
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5863
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5863
3
reference_url https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f
reference_id 97e813dcd2022bd10a8770569a8b02591716365f
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:50:00Z/
url https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f
4
reference_url https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f
reference_id fbfd4e84-61fb-4063-8f11-15877b8c1f6f
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:50:00Z/
url https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f
5
reference_url https://github.com/advisories/GHSA-j4vj-w5rj-8grw
reference_id GHSA-j4vj-w5rj-8grw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j4vj-w5rj-8grw
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.2.2
purl pkg:composer/thorsten/phpmyfaq@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bsv-7dt5-6qcu
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-9mx6-54u5-fugf
9
vulnerability VCID-b64e-gffa-5kg7
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-emzq-e5ru-w3cx
12
vulnerability VCID-p68j-sbvd-yuh4
13
vulnerability VCID-q6zp-tnjb-pye3
14
vulnerability VCID-qhsm-g24v-k7gj
15
vulnerability VCID-rrz3-kbbd-eyhq
16
vulnerability VCID-tpbv-urbk-h7gf
17
vulnerability VCID-txxg-bugj-6bd4
18
vulnerability VCID-u37t-naar-pbav
19
vulnerability VCID-vjqh-59nn-5ude
20
vulnerability VCID-yckn-74u4-pkaw
21
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2
aliases CVE-2023-5863, GHSA-j4vj-w5rj-8grw
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xt5z-y1n5-37fn
81
url VCID-yckn-74u4-pkaw
vulnerability_id VCID-yckn-74u4-pkaw
summary 
phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
## Summary

The `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.

## Details

In `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:

```php
#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]
public function delete(Request $request): JsonResponse
{
    $this->userIsAuthenticated();  // Only checks isLoggedIn() — no permission check

    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);

    if ($this->tags->delete($tagId)) {
        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);
    }

    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);
}
```

Compare with `update()` (line 48-71) which properly enforces authorization:

```php
public function update(Request $request): JsonResponse
{
    $this->userHasPermission(PermissionType::FAQ_EDIT);  // Proper permission check
    // ... also verifies CSRF token ...
}
```

The `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:

```php
protected function userIsAuthenticated(): void
{
    if (!$this->currentUser->isLoggedIn()) {
        throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');
    }
}
```

There is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.

Additionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.

## PoC

```bash
# Step 1: Register as a regular user on the phpMyFAQ frontend
# (or use any existing non-admin authenticated session)

# Step 2: As the authenticated non-admin user, delete tag with ID 1:
curl -X DELETE 'https://target.com/admin/api/content/tags/1' \
  -H 'Cookie: PHPSESSID=<regular_user_session>'

# Expected: 401 or 403 (user lacks FAQ_EDIT permission)
# Actual: 200 OK with {"success": "..."}

# Step 3: Enumerate and delete all tags:
for i in $(seq 1 100); do
  curl -s -X DELETE "https://target.com/admin/api/content/tags/$i" \
    -H 'Cookie: PHPSESSID=<regular_user_session>'
done
```

## Impact

Any authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:

- **Data integrity loss:** Tags are permanently deleted from the database. All FAQ-to-tag associations are destroyed.
- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.
- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.

The impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.

## Recommended Fix

Add the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`:

```php
#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]
public function delete(Request $request): JsonResponse
{
    $this->userHasPermission(PermissionType::FAQ_EDIT);

    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);

    if ($this->tags->delete($tagId)) {
        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);
    }

    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);
}
```

At minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.
references
0
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
1
reference_url https://github.com/advisories/GHSA-7cx3-2qx2-3g6w
reference_id GHSA-7cx3-2qx2-3g6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cx3-2qx2-3g6w
2
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w
reference_id GHSA-7cx3-2qx2-3g6w
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases GHSA-7cx3-2qx2-3g6w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw
82
url VCID-ygjv-jn67-p3h9
vulnerability_id VCID-ygjv-jn67-p3h9
summary Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4407
reference_id
reference_type
scores
0
value 0.09241
scoring_system epss
scoring_elements 0.92927
published_at 2026-06-12T12:55:00Z
1
value 0.09241
scoring_system epss
scoring_elements 0.92904
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4407
1
reference_url https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md
2
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4407
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4407
4
reference_url https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5
reference_id 1d73af34bf42764f9f9491c7ba5e9495d70e3ca5
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:37Z/
url https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5
5
reference_url https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b
reference_id a1649f43-78c9-4927-b313-36911872a84b
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:37Z/
url https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52226.txt
reference_id CVE-2022-4407
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52226.txt
7
reference_url https://github.com/advisories/GHSA-cp9c-phxx-55xm
reference_id GHSA-cp9c-phxx-55xm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp9c-phxx-55xm
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.9
purl pkg:composer/thorsten/phpmyfaq@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8hxw-rvte-33a1
18
vulnerability VCID-8k51-budg-h3ak
19
vulnerability VCID-8tff-qn8m-r3hc
20
vulnerability VCID-8vqk-5ha5-4bae
21
vulnerability VCID-9mx6-54u5-fugf
22
vulnerability VCID-ajev-ydxv-nbd5
23
vulnerability VCID-aku3-vveb-gugg
24
vulnerability VCID-ax4d-t793-8bas
25
vulnerability VCID-b214-zgc8-4qdh
26
vulnerability VCID-b4yy-mtkz-hybq
27
vulnerability VCID-b64e-gffa-5kg7
28
vulnerability VCID-bfsb-58cj-mfaa
29
vulnerability VCID-btr7-sehp-zbac
30
vulnerability VCID-c229-su7g-v3dg
31
vulnerability VCID-cjzd-5q9t-nfek
32
vulnerability VCID-cnr9-cykp-bbaw
33
vulnerability VCID-dc77-t7y6-z3ab
34
vulnerability VCID-e4ep-gxfy-jbah
35
vulnerability VCID-e6u1-1y99-5khx
36
vulnerability VCID-ecpv-3xqn-eqf8
37
vulnerability VCID-emzq-e5ru-w3cx
38
vulnerability VCID-fnfe-xws9-8bgg
39
vulnerability VCID-gj1u-m1qq-1qb1
40
vulnerability VCID-gnxm-rq5g-g3d9
41
vulnerability VCID-gsjf-hmab-ruew
42
vulnerability VCID-gvt4-1vk8-8fbx
43
vulnerability VCID-h2wj-7wb2-x3hz
44
vulnerability VCID-hygm-7h9w-x7cs
45
vulnerability VCID-jq9j-su28-xken
46
vulnerability VCID-kfmg-41jk-qfh6
47
vulnerability VCID-kppj-ng9a-9fhs
48
vulnerability VCID-m9y5-g412-zbeh
49
vulnerability VCID-mt7j-r561-tubz
50
vulnerability VCID-naqh-qumg-37gh
51
vulnerability VCID-p68j-sbvd-yuh4
52
vulnerability VCID-pb65-wunz-tye6
53
vulnerability VCID-q6zp-tnjb-pye3
54
vulnerability VCID-qb4k-vsfg-wycb
55
vulnerability VCID-qhsm-g24v-k7gj
56
vulnerability VCID-qpnp-kehq-f7gm
57
vulnerability VCID-qrn1-cpad-puht
58
vulnerability VCID-r24s-k7p3-f7e4
59
vulnerability VCID-rp5d-6b4k-33g5
60
vulnerability VCID-rrh1-efbq-tugt
61
vulnerability VCID-rrz3-kbbd-eyhq
62
vulnerability VCID-spjh-4tvh-gyca
63
vulnerability VCID-tpbv-urbk-h7gf
64
vulnerability VCID-tq9d-mguz-8bhp
65
vulnerability VCID-txxg-bugj-6bd4
66
vulnerability VCID-ty89-v3b2-7yf7
67
vulnerability VCID-u37t-naar-pbav
68
vulnerability VCID-uerm-mjrz-vyg4
69
vulnerability VCID-ufhy-fdmw-hkdv
70
vulnerability VCID-v4hc-w2g2-63f5
71
vulnerability VCID-vjqh-59nn-5ude
72
vulnerability VCID-wcpf-w4c4-ubba
73
vulnerability VCID-x1gz-3d4a-1qdy
74
vulnerability VCID-x4fs-3h7u-4bbe
75
vulnerability VCID-xt5z-y1n5-37fn
76
vulnerability VCID-yckn-74u4-pkaw
77
vulnerability VCID-yh2p-b5px-b7hz
78
vulnerability VCID-yn5s-m3hv-7be8
79
vulnerability VCID-z4qa-mnne-pyay
80
vulnerability VCID-z8kb-6u51-8bd9
81
vulnerability VCID-zaaf-n1z8-v7b3
82
vulnerability VCID-zr1w-jzzj-a7gd
83
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9
aliases CVE-2022-4407, GHSA-cp9c-phxx-55xm
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygjv-jn67-p3h9
83
url VCID-yh2p-b5px-b7hz
vulnerability_id VCID-yh2p-b5px-b7hz
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1757
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.5849
published_at 2026-06-12T12:55:00Z
1
value 0.00357
scoring_system epss
scoring_elements 0.58378
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1757
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1757
3
reference_url https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19
reference_id 5061e5841be6c218ebb0de0cbf7b7f195dc46d19
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:43:09Z/
url https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19
4
reference_url https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c
reference_id 584a200a-6ff8-4d53-a3c0-e7893edff60c
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:43:09Z/
url https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c
5
reference_url https://github.com/advisories/GHSA-jvjx-qqh7-6x6c
reference_id GHSA-jvjx-qqh7-6x6c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvjx-qqh7-6x6c
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.12
purl pkg:composer/thorsten/phpmyfaq@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-57ev-2w6v-mbbs
9
vulnerability VCID-5pw3-qxh6-6ufr
10
vulnerability VCID-5wsg-7979-dqgs
11
vulnerability VCID-6jmj-n5mz-bba8
12
vulnerability VCID-6w5z-nvj8-wke8
13
vulnerability VCID-7tpb-1avq-zfhu
14
vulnerability VCID-8k51-budg-h3ak
15
vulnerability VCID-8vqk-5ha5-4bae
16
vulnerability VCID-9mx6-54u5-fugf
17
vulnerability VCID-b64e-gffa-5kg7
18
vulnerability VCID-c229-su7g-v3dg
19
vulnerability VCID-cnr9-cykp-bbaw
20
vulnerability VCID-e4ep-gxfy-jbah
21
vulnerability VCID-ecpv-3xqn-eqf8
22
vulnerability VCID-emzq-e5ru-w3cx
23
vulnerability VCID-h2wj-7wb2-x3hz
24
vulnerability VCID-kppj-ng9a-9fhs
25
vulnerability VCID-naqh-qumg-37gh
26
vulnerability VCID-p68j-sbvd-yuh4
27
vulnerability VCID-pb65-wunz-tye6
28
vulnerability VCID-q6zp-tnjb-pye3
29
vulnerability VCID-qhsm-g24v-k7gj
30
vulnerability VCID-rp5d-6b4k-33g5
31
vulnerability VCID-rrz3-kbbd-eyhq
32
vulnerability VCID-tpbv-urbk-h7gf
33
vulnerability VCID-txxg-bugj-6bd4
34
vulnerability VCID-u37t-naar-pbav
35
vulnerability VCID-uerm-mjrz-vyg4
36
vulnerability VCID-ufhy-fdmw-hkdv
37
vulnerability VCID-vjqh-59nn-5ude
38
vulnerability VCID-wcpf-w4c4-ubba
39
vulnerability VCID-x1gz-3d4a-1qdy
40
vulnerability VCID-xt5z-y1n5-37fn
41
vulnerability VCID-yckn-74u4-pkaw
42
vulnerability VCID-yn5s-m3hv-7be8
43
vulnerability VCID-z4qa-mnne-pyay
44
vulnerability VCID-z8kb-6u51-8bd9
45
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12
aliases CVE-2023-1757, GHSA-jvjx-qqh7-6x6c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yh2p-b5px-b7hz
84
url VCID-yn5s-m3hv-7be8
vulnerability_id VCID-yn5s-m3hv-7be8
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2998
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.60448
published_at 2026-06-12T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.60342
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2998
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2998
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2998
3
reference_url https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78
reference_id 8282d78e-f399-4bf4-8403-f39103a31e78
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:26:29Z/
url https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78
4
reference_url https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493
reference_id c120070a66e6c497c328d3b6b067eebcd8ea8493
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:26:29Z/
url https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493
5
reference_url https://github.com/advisories/GHSA-974q-4vvr-vg9c
reference_id GHSA-974q-4vvr-vg9c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-974q-4vvr-vg9c
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.14
purl pkg:composer/thorsten/phpmyfaq@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-9mx6-54u5-fugf
14
vulnerability VCID-b64e-gffa-5kg7
15
vulnerability VCID-e4ep-gxfy-jbah
16
vulnerability VCID-ecpv-3xqn-eqf8
17
vulnerability VCID-emzq-e5ru-w3cx
18
vulnerability VCID-h2wj-7wb2-x3hz
19
vulnerability VCID-kppj-ng9a-9fhs
20
vulnerability VCID-p68j-sbvd-yuh4
21
vulnerability VCID-q6zp-tnjb-pye3
22
vulnerability VCID-qhsm-g24v-k7gj
23
vulnerability VCID-rp5d-6b4k-33g5
24
vulnerability VCID-rrz3-kbbd-eyhq
25
vulnerability VCID-tpbv-urbk-h7gf
26
vulnerability VCID-txxg-bugj-6bd4
27
vulnerability VCID-u37t-naar-pbav
28
vulnerability VCID-uerm-mjrz-vyg4
29
vulnerability VCID-ufhy-fdmw-hkdv
30
vulnerability VCID-vjqh-59nn-5ude
31
vulnerability VCID-x1gz-3d4a-1qdy
32
vulnerability VCID-xt5z-y1n5-37fn
33
vulnerability VCID-yckn-74u4-pkaw
34
vulnerability VCID-z4qa-mnne-pyay
35
vulnerability VCID-z8kb-6u51-8bd9
36
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.14
aliases CVE-2023-2998, GHSA-974q-4vvr-vg9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5s-m3hv-7be8
85
url VCID-z4qa-mnne-pyay
vulnerability_id VCID-z4qa-mnne-pyay
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6890
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29793
published_at 2026-06-11T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29991
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6890
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43
3
reference_url https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6890
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6890
5
reference_url https://github.com/advisories/GHSA-4h37-q5j3-hw96
reference_id GHSA-4h37-q5j3-hw96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4h37-q5j3-hw96
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.17
purl pkg:composer/thorsten/phpmyfaq@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kny-sn17-gbdz
1
vulnerability VCID-1q6p-7t7t-87e5
2
vulnerability VCID-1qwx-htn1-4bg8
3
vulnerability VCID-2bb7-xtyn-dbcq
4
vulnerability VCID-2bsv-7dt5-6qcu
5
vulnerability VCID-2wd2-u5mg-suh4
6
vulnerability VCID-57ev-2w6v-mbbs
7
vulnerability VCID-5pw3-qxh6-6ufr
8
vulnerability VCID-5wsg-7979-dqgs
9
vulnerability VCID-6jmj-n5mz-bba8
10
vulnerability VCID-6w5z-nvj8-wke8
11
vulnerability VCID-7tpb-1avq-zfhu
12
vulnerability VCID-8k51-budg-h3ak
13
vulnerability VCID-9mx6-54u5-fugf
14
vulnerability VCID-b64e-gffa-5kg7
15
vulnerability VCID-e4ep-gxfy-jbah
16
vulnerability VCID-ecpv-3xqn-eqf8
17
vulnerability VCID-emzq-e5ru-w3cx
18
vulnerability VCID-p68j-sbvd-yuh4
19
vulnerability VCID-q6zp-tnjb-pye3
20
vulnerability VCID-qhsm-g24v-k7gj
21
vulnerability VCID-rrz3-kbbd-eyhq
22
vulnerability VCID-tpbv-urbk-h7gf
23
vulnerability VCID-txxg-bugj-6bd4
24
vulnerability VCID-u37t-naar-pbav
25
vulnerability VCID-uerm-mjrz-vyg4
26
vulnerability VCID-ufhy-fdmw-hkdv
27
vulnerability VCID-vjqh-59nn-5ude
28
vulnerability VCID-xt5z-y1n5-37fn
29
vulnerability VCID-yckn-74u4-pkaw
30
vulnerability VCID-z8kb-6u51-8bd9
31
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.17
aliases CVE-2023-6890, GHSA-4h37-q5j3-hw96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4qa-mnne-pyay
86
url VCID-z8kb-6u51-8bd9
vulnerability_id VCID-z8kb-6u51-8bd9
summary Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5316
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52656
published_at 2026-06-12T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52529
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5316
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5316
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5316
3
reference_url https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa
reference_id 332d2e4a83251d406ca58dd11c27c598673aa5fa
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:05:40Z/
url https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa
4
reference_url https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43
reference_id f877e65a-e647-457b-b105-7e5c9f58fb43
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:05:40Z/
url https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43
5
reference_url https://github.com/advisories/GHSA-58v7-58c2-qwm9
reference_id GHSA-58v7-58c2-qwm9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58v7-58c2-qwm9
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.18
purl pkg:composer/thorsten/phpmyfaq@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2bb7-xtyn-dbcq
2
vulnerability VCID-2bsv-7dt5-6qcu
3
vulnerability VCID-2wd2-u5mg-suh4
4
vulnerability VCID-57ev-2w6v-mbbs
5
vulnerability VCID-5pw3-qxh6-6ufr
6
vulnerability VCID-5wsg-7979-dqgs
7
vulnerability VCID-6jmj-n5mz-bba8
8
vulnerability VCID-6w5z-nvj8-wke8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-9mx6-54u5-fugf
12
vulnerability VCID-b64e-gffa-5kg7
13
vulnerability VCID-e4ep-gxfy-jbah
14
vulnerability VCID-ecpv-3xqn-eqf8
15
vulnerability VCID-emzq-e5ru-w3cx
16
vulnerability VCID-p68j-sbvd-yuh4
17
vulnerability VCID-q6zp-tnjb-pye3
18
vulnerability VCID-qhsm-g24v-k7gj
19
vulnerability VCID-rrz3-kbbd-eyhq
20
vulnerability VCID-tpbv-urbk-h7gf
21
vulnerability VCID-txxg-bugj-6bd4
22
vulnerability VCID-u37t-naar-pbav
23
vulnerability VCID-vjqh-59nn-5ude
24
vulnerability VCID-xt5z-y1n5-37fn
25
vulnerability VCID-yckn-74u4-pkaw
26
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18
aliases CVE-2023-5316, GHSA-58v7-58c2-qwm9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8kb-6u51-8bd9
87
url VCID-zaaf-n1z8-v7b3
vulnerability_id VCID-zaaf-n1z8-v7b3
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0794
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58565
published_at 2026-06-12T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.58453
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0794
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0794
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0794
4
reference_url https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb
reference_id 949975f1-271d-46aa-85e5-1a013cdb5efb
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:47:10Z/
url https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb
5
reference_url https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635
reference_id edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:47:10Z/
url https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635
6
reference_url https://github.com/advisories/GHSA-gf34-hh5r-f74h
reference_id GHSA-gf34-hh5r-f74h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gf34-hh5r-f74h
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0794, GHSA-gf34-hh5r-f74h
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zaaf-n1z8-v7b3
88
url VCID-zpeg-pwqh-hbby
vulnerability_id VCID-zpeg-pwqh-hbby
summary Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3765
reference_id
reference_type
scores
0
value 0.00435
scoring_system epss
scoring_elements 0.63476
published_at 2026-06-12T12:55:00Z
1
value 0.00435
scoring_system epss
scoring_elements 0.63373
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3765
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af
reference_id 372428d02a08e90b3a253ba5c506cda84581a5af
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:01:23Z/
url https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af
3
reference_url https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d
reference_id 613143a1-8e51-449a-b214-12458308835d
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:01:23Z/
url https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3765
reference_id CVE-2022-3765
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3765
5
reference_url https://github.com/advisories/GHSA-wr74-2v66-57pp
reference_id GHSA-wr74-2v66-57pp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wr74-2v66-57pp
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.8
purl pkg:composer/thorsten/phpmyfaq@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-569v-kyhm-6bd7
11
vulnerability VCID-57ev-2w6v-mbbs
12
vulnerability VCID-5pw3-qxh6-6ufr
13
vulnerability VCID-5wsg-7979-dqgs
14
vulnerability VCID-6jmj-n5mz-bba8
15
vulnerability VCID-6w5z-nvj8-wke8
16
vulnerability VCID-7tpb-1avq-zfhu
17
vulnerability VCID-8fkr-xfw6-ffcj
18
vulnerability VCID-8hxw-rvte-33a1
19
vulnerability VCID-8k51-budg-h3ak
20
vulnerability VCID-8tff-qn8m-r3hc
21
vulnerability VCID-8vqk-5ha5-4bae
22
vulnerability VCID-9mx6-54u5-fugf
23
vulnerability VCID-ajev-ydxv-nbd5
24
vulnerability VCID-aku3-vveb-gugg
25
vulnerability VCID-ax4d-t793-8bas
26
vulnerability VCID-b214-zgc8-4qdh
27
vulnerability VCID-b4yy-mtkz-hybq
28
vulnerability VCID-b64e-gffa-5kg7
29
vulnerability VCID-bfsb-58cj-mfaa
30
vulnerability VCID-btr7-sehp-zbac
31
vulnerability VCID-c229-su7g-v3dg
32
vulnerability VCID-cjzd-5q9t-nfek
33
vulnerability VCID-cnr9-cykp-bbaw
34
vulnerability VCID-dc77-t7y6-z3ab
35
vulnerability VCID-e4ep-gxfy-jbah
36
vulnerability VCID-e6u1-1y99-5khx
37
vulnerability VCID-ecpv-3xqn-eqf8
38
vulnerability VCID-emzq-e5ru-w3cx
39
vulnerability VCID-fnfe-xws9-8bgg
40
vulnerability VCID-gj1u-m1qq-1qb1
41
vulnerability VCID-gnxm-rq5g-g3d9
42
vulnerability VCID-gsjf-hmab-ruew
43
vulnerability VCID-gvt4-1vk8-8fbx
44
vulnerability VCID-h2wj-7wb2-x3hz
45
vulnerability VCID-hygm-7h9w-x7cs
46
vulnerability VCID-jq9j-su28-xken
47
vulnerability VCID-kfmg-41jk-qfh6
48
vulnerability VCID-kppj-ng9a-9fhs
49
vulnerability VCID-m9y5-g412-zbeh
50
vulnerability VCID-mt7j-r561-tubz
51
vulnerability VCID-naqh-qumg-37gh
52
vulnerability VCID-p68j-sbvd-yuh4
53
vulnerability VCID-pb65-wunz-tye6
54
vulnerability VCID-q6zp-tnjb-pye3
55
vulnerability VCID-qb4k-vsfg-wycb
56
vulnerability VCID-qhsm-g24v-k7gj
57
vulnerability VCID-qpnp-kehq-f7gm
58
vulnerability VCID-qrn1-cpad-puht
59
vulnerability VCID-r24s-k7p3-f7e4
60
vulnerability VCID-rp5d-6b4k-33g5
61
vulnerability VCID-rrh1-efbq-tugt
62
vulnerability VCID-rrz3-kbbd-eyhq
63
vulnerability VCID-spjh-4tvh-gyca
64
vulnerability VCID-tpbv-urbk-h7gf
65
vulnerability VCID-tq9d-mguz-8bhp
66
vulnerability VCID-txxg-bugj-6bd4
67
vulnerability VCID-ty89-v3b2-7yf7
68
vulnerability VCID-u37t-naar-pbav
69
vulnerability VCID-uerm-mjrz-vyg4
70
vulnerability VCID-ufhy-fdmw-hkdv
71
vulnerability VCID-v4hc-w2g2-63f5
72
vulnerability VCID-vjqh-59nn-5ude
73
vulnerability VCID-wcpf-w4c4-ubba
74
vulnerability VCID-x1gz-3d4a-1qdy
75
vulnerability VCID-x4fs-3h7u-4bbe
76
vulnerability VCID-xt5z-y1n5-37fn
77
vulnerability VCID-yckn-74u4-pkaw
78
vulnerability VCID-ygjv-jn67-p3h9
79
vulnerability VCID-yh2p-b5px-b7hz
80
vulnerability VCID-yn5s-m3hv-7be8
81
vulnerability VCID-z4qa-mnne-pyay
82
vulnerability VCID-z8kb-6u51-8bd9
83
vulnerability VCID-zaaf-n1z8-v7b3
84
vulnerability VCID-zr1w-jzzj-a7gd
85
vulnerability VCID-ztw9-5sne-p3e9
86
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8
aliases CVE-2022-3765, GHSA-wr74-2v66-57pp
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpeg-pwqh-hbby
89
url VCID-zr1w-jzzj-a7gd
vulnerability_id VCID-zr1w-jzzj-a7gd
summary phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-46362
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14909
published_at 2026-06-11T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.15029
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-46362
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46362
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46362
3
reference_url https://github.com/advisories/GHSA-hpgw-ww76-c68r
reference_id GHSA-hpgw-ww76-c68r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpgw-ww76-c68r
4
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r
reference_id GHSA-hpgw-ww76-c68r
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r
5
reference_url https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check
reference_id phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/
url https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
aliases CVE-2026-46362, GHSA-hpgw-ww76-c68r
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd
90
url VCID-ztw9-5sne-p3e9
vulnerability_id VCID-ztw9-5sne-p3e9
summary Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4409
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.37178
published_at 2026-06-12T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4409
1
reference_url https://github.com/thorsten/phpmyfaq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpmyfaq
2
reference_url https://github.com/thorsten/phpMyFAQ/commit/c16cc2bbe2687f75aa1204b804483091fae43cba
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ/commit/c16cc2bbe2687f75aa1204b804483091fae43cba
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4409
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4409
4
reference_url https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c
reference_id 5915ed4c-5fe2-42e7-8fac-5dd0d032727c
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:43:47Z/
url https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c
5
reference_url https://github.com/thorsten/phpmyfaq/commit/8b47f38
reference_id 8b47f38
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:43:47Z/
url https://github.com/thorsten/phpmyfaq/commit/8b47f38
6
reference_url https://github.com/advisories/GHSA-wpgc-5cr5-h9gg
reference_id GHSA-wpgc-5cr5-h9gg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpgc-5cr5-h9gg
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.9
purl pkg:composer/thorsten/phpmyfaq@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-1rpy-1jkw-w3fx
6
vulnerability VCID-2bb7-xtyn-dbcq
7
vulnerability VCID-2bsv-7dt5-6qcu
8
vulnerability VCID-2wd2-u5mg-suh4
9
vulnerability VCID-4ej8-n833-fuf4
10
vulnerability VCID-57ev-2w6v-mbbs
11
vulnerability VCID-5pw3-qxh6-6ufr
12
vulnerability VCID-5wsg-7979-dqgs
13
vulnerability VCID-6jmj-n5mz-bba8
14
vulnerability VCID-6w5z-nvj8-wke8
15
vulnerability VCID-7tpb-1avq-zfhu
16
vulnerability VCID-8fkr-xfw6-ffcj
17
vulnerability VCID-8hxw-rvte-33a1
18
vulnerability VCID-8k51-budg-h3ak
19
vulnerability VCID-8tff-qn8m-r3hc
20
vulnerability VCID-8vqk-5ha5-4bae
21
vulnerability VCID-9mx6-54u5-fugf
22
vulnerability VCID-ajev-ydxv-nbd5
23
vulnerability VCID-aku3-vveb-gugg
24
vulnerability VCID-ax4d-t793-8bas
25
vulnerability VCID-b214-zgc8-4qdh
26
vulnerability VCID-b4yy-mtkz-hybq
27
vulnerability VCID-b64e-gffa-5kg7
28
vulnerability VCID-bfsb-58cj-mfaa
29
vulnerability VCID-btr7-sehp-zbac
30
vulnerability VCID-c229-su7g-v3dg
31
vulnerability VCID-cjzd-5q9t-nfek
32
vulnerability VCID-cnr9-cykp-bbaw
33
vulnerability VCID-dc77-t7y6-z3ab
34
vulnerability VCID-e4ep-gxfy-jbah
35
vulnerability VCID-e6u1-1y99-5khx
36
vulnerability VCID-ecpv-3xqn-eqf8
37
vulnerability VCID-emzq-e5ru-w3cx
38
vulnerability VCID-fnfe-xws9-8bgg
39
vulnerability VCID-gj1u-m1qq-1qb1
40
vulnerability VCID-gnxm-rq5g-g3d9
41
vulnerability VCID-gsjf-hmab-ruew
42
vulnerability VCID-gvt4-1vk8-8fbx
43
vulnerability VCID-h2wj-7wb2-x3hz
44
vulnerability VCID-hygm-7h9w-x7cs
45
vulnerability VCID-jq9j-su28-xken
46
vulnerability VCID-kfmg-41jk-qfh6
47
vulnerability VCID-kppj-ng9a-9fhs
48
vulnerability VCID-m9y5-g412-zbeh
49
vulnerability VCID-mt7j-r561-tubz
50
vulnerability VCID-naqh-qumg-37gh
51
vulnerability VCID-p68j-sbvd-yuh4
52
vulnerability VCID-pb65-wunz-tye6
53
vulnerability VCID-q6zp-tnjb-pye3
54
vulnerability VCID-qb4k-vsfg-wycb
55
vulnerability VCID-qhsm-g24v-k7gj
56
vulnerability VCID-qpnp-kehq-f7gm
57
vulnerability VCID-qrn1-cpad-puht
58
vulnerability VCID-r24s-k7p3-f7e4
59
vulnerability VCID-rp5d-6b4k-33g5
60
vulnerability VCID-rrh1-efbq-tugt
61
vulnerability VCID-rrz3-kbbd-eyhq
62
vulnerability VCID-spjh-4tvh-gyca
63
vulnerability VCID-tpbv-urbk-h7gf
64
vulnerability VCID-tq9d-mguz-8bhp
65
vulnerability VCID-txxg-bugj-6bd4
66
vulnerability VCID-ty89-v3b2-7yf7
67
vulnerability VCID-u37t-naar-pbav
68
vulnerability VCID-uerm-mjrz-vyg4
69
vulnerability VCID-ufhy-fdmw-hkdv
70
vulnerability VCID-v4hc-w2g2-63f5
71
vulnerability VCID-vjqh-59nn-5ude
72
vulnerability VCID-wcpf-w4c4-ubba
73
vulnerability VCID-x1gz-3d4a-1qdy
74
vulnerability VCID-x4fs-3h7u-4bbe
75
vulnerability VCID-xt5z-y1n5-37fn
76
vulnerability VCID-yckn-74u4-pkaw
77
vulnerability VCID-yh2p-b5px-b7hz
78
vulnerability VCID-yn5s-m3hv-7be8
79
vulnerability VCID-z4qa-mnne-pyay
80
vulnerability VCID-z8kb-6u51-8bd9
81
vulnerability VCID-zaaf-n1z8-v7b3
82
vulnerability VCID-zr1w-jzzj-a7gd
83
vulnerability VCID-zwsu-pwxb-u3h5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9
aliases CVE-2022-4409, GHSA-wpgc-5cr5-h9gg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztw9-5sne-p3e9
91
url VCID-zwsu-pwxb-u3h5
vulnerability_id VCID-zwsu-pwxb-u3h5
summary Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0787
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.52505
published_at 2026-06-12T12:55:00Z
1
value 0.00286
scoring_system epss
scoring_elements 0.52376
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0787
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0787
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0787
3
reference_url https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024
reference_id 87397c71-7b84-4617-a66e-fa6c73be9024
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:46:47Z/
url https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024
4
reference_url https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612
reference_id b76d58321a7a595eeaf4f7a30403ca6cd8506612
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:46:47Z/
url https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612
5
reference_url https://github.com/advisories/GHSA-gxxj-x426-xj2w
reference_id GHSA-gxxj-x426-xj2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxxj-x426-xj2w
fixed_packages
0
url pkg:composer/thorsten/phpmyfaq@3.1.11
purl pkg:composer/thorsten/phpmyfaq@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15bx-wfer-qygk
1
vulnerability VCID-15yp-h3fj-pbb1
2
vulnerability VCID-1kny-sn17-gbdz
3
vulnerability VCID-1q6p-7t7t-87e5
4
vulnerability VCID-1qwx-htn1-4bg8
5
vulnerability VCID-2bb7-xtyn-dbcq
6
vulnerability VCID-2bsv-7dt5-6qcu
7
vulnerability VCID-2wd2-u5mg-suh4
8
vulnerability VCID-4ej8-n833-fuf4
9
vulnerability VCID-57ev-2w6v-mbbs
10
vulnerability VCID-5pw3-qxh6-6ufr
11
vulnerability VCID-5wsg-7979-dqgs
12
vulnerability VCID-6jmj-n5mz-bba8
13
vulnerability VCID-6w5z-nvj8-wke8
14
vulnerability VCID-7tpb-1avq-zfhu
15
vulnerability VCID-8fkr-xfw6-ffcj
16
vulnerability VCID-8k51-budg-h3ak
17
vulnerability VCID-8tff-qn8m-r3hc
18
vulnerability VCID-8vqk-5ha5-4bae
19
vulnerability VCID-9mx6-54u5-fugf
20
vulnerability VCID-ajev-ydxv-nbd5
21
vulnerability VCID-aku3-vveb-gugg
22
vulnerability VCID-b214-zgc8-4qdh
23
vulnerability VCID-b4yy-mtkz-hybq
24
vulnerability VCID-b64e-gffa-5kg7
25
vulnerability VCID-bfsb-58cj-mfaa
26
vulnerability VCID-c229-su7g-v3dg
27
vulnerability VCID-cjzd-5q9t-nfek
28
vulnerability VCID-cnr9-cykp-bbaw
29
vulnerability VCID-e4ep-gxfy-jbah
30
vulnerability VCID-ecpv-3xqn-eqf8
31
vulnerability VCID-emzq-e5ru-w3cx
32
vulnerability VCID-gj1u-m1qq-1qb1
33
vulnerability VCID-gnxm-rq5g-g3d9
34
vulnerability VCID-gvt4-1vk8-8fbx
35
vulnerability VCID-h2wj-7wb2-x3hz
36
vulnerability VCID-hygm-7h9w-x7cs
37
vulnerability VCID-kfmg-41jk-qfh6
38
vulnerability VCID-kppj-ng9a-9fhs
39
vulnerability VCID-naqh-qumg-37gh
40
vulnerability VCID-p68j-sbvd-yuh4
41
vulnerability VCID-pb65-wunz-tye6
42
vulnerability VCID-q6zp-tnjb-pye3
43
vulnerability VCID-qhsm-g24v-k7gj
44
vulnerability VCID-qpnp-kehq-f7gm
45
vulnerability VCID-rp5d-6b4k-33g5
46
vulnerability VCID-rrh1-efbq-tugt
47
vulnerability VCID-rrz3-kbbd-eyhq
48
vulnerability VCID-spjh-4tvh-gyca
49
vulnerability VCID-tpbv-urbk-h7gf
50
vulnerability VCID-tq9d-mguz-8bhp
51
vulnerability VCID-txxg-bugj-6bd4
52
vulnerability VCID-u37t-naar-pbav
53
vulnerability VCID-uerm-mjrz-vyg4
54
vulnerability VCID-ufhy-fdmw-hkdv
55
vulnerability VCID-vjqh-59nn-5ude
56
vulnerability VCID-wcpf-w4c4-ubba
57
vulnerability VCID-x1gz-3d4a-1qdy
58
vulnerability VCID-xt5z-y1n5-37fn
59
vulnerability VCID-yckn-74u4-pkaw
60
vulnerability VCID-yh2p-b5px-b7hz
61
vulnerability VCID-yn5s-m3hv-7be8
62
vulnerability VCID-z4qa-mnne-pyay
63
vulnerability VCID-z8kb-6u51-8bd9
64
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11
aliases CVE-2023-0787, GHSA-gxxj-x426-xj2w
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwsu-pwxb-u3h5
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@2.8.11