Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/593003?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/593003?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@3.0.0-beta.3", "type": "composer", "namespace": "phpmyfaq", "name": "phpmyfaq", "version": "3.0.0-beta.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.3", "latest_non_vulnerable_version": "4.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68252?format=api", "vulnerability_id": "VCID-1qwx-htn1-4bg8", "summary": "phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2036", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92161", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92165", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92167", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46364" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46364", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46364" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92", "reference_id": "b9f25109fddb38eee19987183798638d07943f92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92" }, { "reference_url": "https://github.com/advisories/GHSA-289f-fq7w-6q2w", "reference_id": "GHSA-289f-fq7w-6q2w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-289f-fq7w-6q2w" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w", "reference_id": "GHSA-289f-fq7w-6q2w", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha", "reference_id": "phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46364", "GHSA-289f-fq7w-6q2w" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175148?format=api", "vulnerability_id": "VCID-1v6k-n15u-1bcm", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.668", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66907", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66892", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66906", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3608" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677", "reference_id": "37123edd50f854bd141e6fbe65221af2d5cf2677", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" }, { "reference_url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850", "reference_id": "8f0f3635-9d81-4c55-9826-2ba955c3a850", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/" } ], "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3608", "reference_id": "CVE-2022-3608", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3608" }, { "reference_url": "https://github.com/advisories/GHSA-6rj8-9cm9-6gff", "reference_id": "GHSA-6rj8-9cm9-6gff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rj8-9cm9-6gff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27514?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@3.2.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-3akv-usbd-53bt" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-s9hv-md3j-17hr" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ujpq-qjkp-fygk" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.0-alpha" } ], "aliases": [ "CVE-2022-3608", "GHSA-6rj8-9cm9-6gff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v6k-n15u-1bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359183?format=api", "vulnerability_id": "VCID-2na9-t3m7-wfhn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16466", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1661", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16622", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16595", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34729" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34729" }, { "reference_url": "https://github.com/advisories/GHSA-cv2g-8cj8-vgc7", "reference_id": "GHSA-cv2g-8cj8-vgc7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cv2g-8cj8-vgc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373458?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-34729", "GHSA-cv2g-8cj8-vgc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2na9-t3m7-wfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62082?format=api", "vulnerability_id": "VCID-3akv-usbd-53bt", "summary": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52452", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52458", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52329", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.5247", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22202" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://www.phpmyfaq.de/security/advisory-2024-02-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyfaq.de/security/advisory-2024-02-05" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d", "reference_id": "1348dcecdaec5a5714ad567c16429432417b534d", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:44:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22202", "reference_id": "CVE-2024-22202", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22202" }, { "reference_url": "https://github.com/advisories/GHSA-6648-6g96-mg35", "reference_id": "GHSA-6648-6g96-mg35", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6648-6g96-mg35" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35", "reference_id": "GHSA-6648-6g96-mg35", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:44:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28753?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-129s-b67r-uyfw" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-5256-zeqq-yqas" }, { "vulnerability": "VCID-527w-e1dv-qyhe" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-cq9g-8pv2-bfcm" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q524-u3fc-2uac" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qtya-dhhw-uqa9" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wgqs-pf23-dkdb" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yjdz-bsf2-xbfz" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5" } ], "aliases": [ "CVE-2024-22202", "GHSA-6648-6g96-mg35" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3akv-usbd-53bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83111?format=api", "vulnerability_id": "VCID-57ev-2w6v-mbbs", "summary": "phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50491", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50496", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50509", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50358", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24421" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt", "reference_id": "CVE-2026-24421", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24421", "reference_id": "CVE-2026-24421", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24421" }, { "reference_url": "https://github.com/advisories/GHSA-wm8h-26fv-mg7g", "reference_id": "GHSA-wm8h-26fv-mg7g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm8h-26fv-mg7g" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g", "reference_id": "GHSA-wm8h-26fv-mg7g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38148?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/932214?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24421", "GHSA-wm8h-26fv-mg7g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68191?format=api", "vulnerability_id": "VCID-5pw3-qxh6-6ufr", "summary": "phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23541", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23563", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23355", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46366" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46366" }, { "reference_url": "https://github.com/advisories/GHSA-99qv-g4x9-mgc3", "reference_id": "GHSA-99qv-g4x9-mgc3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99qv-g4x9-mgc3" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3", "reference_id": "GHSA-99qv-g4x9-mgc3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass", "reference_id": "phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46366", "GHSA-99qv-g4x9-mgc3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102633?format=api", "vulnerability_id": "VCID-5wsg-7979-dqgs", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30546", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3035", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62519" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14", "reference_id": "4.0.13...4.0.14", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62519", "reference_id": "CVE-2025-62519", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62519" }, { "reference_url": "https://github.com/advisories/GHSA-fxm2-cmwj-qvx4", "reference_id": "GHSA-fxm2-cmwj-qvx4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxm2-cmwj-qvx4" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4", "reference_id": "GHSA-fxm2-cmwj-qvx4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35277?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.14" } ], "aliases": [ "CVE-2025-62519", "GHSA-fxm2-cmwj-qvx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83252?format=api", "vulnerability_id": "VCID-6jmj-n5mz-bba8", "summary": "phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03833", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03857", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03844", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03854", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24420" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24420", "reference_id": "CVE-2026-24420", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24420" }, { "reference_url": "https://github.com/advisories/GHSA-7p9h-m7m8-vhhv", "reference_id": "GHSA-7p9h-m7m8-vhhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p9h-m7m8-vhhv" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv", "reference_id": "GHSA-7p9h-m7m8-vhhv", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38148?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/932214?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24420", "GHSA-7p9h-m7m8-vhhv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68138?format=api", "vulnerability_id": "VCID-7tpb-1avq-zfhu", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01334", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01347", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01344", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01337", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46361" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46361" }, { "reference_url": "https://github.com/advisories/GHSA-pqh6-8fxf-jx22", "reference_id": "GHSA-pqh6-8fxf-jx22", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqh6-8fxf-jx22" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22", "reference_id": "GHSA-pqh6-8fxf-jx22", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig", "reference_id": "phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46361", "GHSA-pqh6-8fxf-jx22" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69892?format=api", "vulnerability_id": "VCID-8k51-budg-h3ak", "summary": "phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01073", "published_at": "2026-06-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01082", "published_at": "2026-06-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0108", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01076", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45007" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45007", "reference_id": "CVE-2026-45007", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45007" }, { "reference_url": "https://github.com/advisories/GHSA-rm98-82fr-mcfx", "reference_id": "GHSA-rm98-82fr-mcfx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm98-82fr-mcfx" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx", "reference_id": "GHSA-rm98-82fr-mcfx", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure", "reference_id": "phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45007", "GHSA-rm98-82fr-mcfx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74950?format=api", "vulnerability_id": "VCID-a9tb-yj7x-pya1", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_CHARS filter only encodes HTML special characters (&, ', \", <, >) and characters with ASCII value < 32, and does not prevent directory traversal sequences like ../. Additionally, the endpoint does not validate CSRF tokens, making it exploitable via CSRF attacks. This issue has been patched in version 4.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25709", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25694", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25492", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2569", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34728" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34728", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34728" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1", "reference_id": "4.1.1", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T15:23:57Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1" }, { "reference_url": "https://github.com/advisories/GHSA-38m8-xrfj-v38x", "reference_id": "GHSA-38m8-xrfj-v38x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38m8-xrfj-v38x" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-38m8-xrfj-v38x", "reference_id": "GHSA-38m8-xrfj-v38x", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-02T15:23:57Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-38m8-xrfj-v38x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373458?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-34728", "GHSA-38m8-xrfj-v38x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9tb-yj7x-pya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138201?format=api", "vulnerability_id": "VCID-cnr9-cykp-bbaw", "summary": "phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-53929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22218", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2224", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22228", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22038", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-53929" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://www.phpmyfaq.de", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyfaq.de" }, { "reference_url": "https://www.exploit-db.com/exploits/51399", "reference_id": "51399", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/" } ], "url": "https://www.exploit-db.com/exploits/51399" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53929", "reference_id": "CVE-2023-53929", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53929" }, { "reference_url": "https://github.com/advisories/GHSA-x2v3-9p22-w3x6", "reference_id": "GHSA-x2v3-9p22-w3x6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2v3-9p22-w3x6" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export", "reference_id": "phpmyfaq-csv-injection-via-user-profile-export", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export" }, { "reference_url": "https://www.phpmyfaq.de/", "reference_id": "www.phpmyfaq.de", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/" } ], "url": "https://www.phpmyfaq.de/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/690967?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-3akv-usbd-53bt" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-s9hv-md3j-17hr" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ujpq-qjkp-fygk" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.1.13" } ], "aliases": [ "CVE-2023-53929", "GHSA-x2v3-9p22-w3x6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnr9-cykp-bbaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68143?format=api", "vulnerability_id": "VCID-ecpv-3xqn-eqf8", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08901", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46360" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46360" }, { "reference_url": "https://github.com/advisories/GHSA-whqh-9pq5-c7r3", "reference_id": "GHSA-whqh-9pq5-c7r3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whqh-9pq5-c7r3" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3", "reference_id": "GHSA-whqh-9pq5-c7r3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer", "reference_id": "phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46360", "GHSA-whqh-9pq5-c7r3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83223?format=api", "vulnerability_id": "VCID-p68j-sbvd-yuh4", "summary": "phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06222", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06194", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06211", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24422" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24422", "reference_id": "CVE-2026-24422", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24422" }, { "reference_url": "https://github.com/advisories/GHSA-j4rc-96xj-gvqc", "reference_id": "GHSA-j4rc-96xj-gvqc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4rc-96xj-gvqc" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc", "reference_id": "GHSA-j4rc-96xj-gvqc", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38148?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/932214?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24422", "GHSA-j4rc-96xj-gvqc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359156?format=api", "vulnerability_id": "VCID-qhsm-g24v-k7gj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41566", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41732", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41751", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4174", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32629" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32629", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32629" }, { "reference_url": "https://github.com/advisories/GHSA-98gw-w575-h2ph", "reference_id": "GHSA-98gw-w575-h2ph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98gw-w575-h2ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373458?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-32629", "GHSA-98gw-w575-h2ph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69871?format=api", "vulnerability_id": "VCID-rrz3-kbbd-eyhq", "summary": "phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41229", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4124", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41249", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41063", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45010" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45010" }, { "reference_url": "https://github.com/advisories/GHSA-9pq7-mfwh-xx2j", "reference_id": "GHSA-9pq7-mfwh-xx2j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9pq7-mfwh-xx2j" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j", "reference_id": "GHSA-9pq7-mfwh-xx2j", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint", "reference_id": "phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45010", "GHSA-9pq7-mfwh-xx2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62448?format=api", "vulnerability_id": "VCID-s9hv-md3j-17hr", "summary": "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79262", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79253", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79189", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79267", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22208" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://www.phpmyfaq.de/security/advisory-2024-02-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyfaq.de/security/advisory-2024-02-05" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e", "reference_id": "a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:36:54Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22208", "reference_id": "CVE-2024-22208", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22208" }, { "reference_url": "https://github.com/advisories/GHSA-9hhf-xmcw-r3xg", "reference_id": "GHSA-9hhf-xmcw-r3xg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9hhf-xmcw-r3xg" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg", "reference_id": "GHSA-9hhf-xmcw-r3xg", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:36:54Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28753?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-129s-b67r-uyfw" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-5256-zeqq-yqas" }, { "vulnerability": "VCID-527w-e1dv-qyhe" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-cq9g-8pv2-bfcm" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q524-u3fc-2uac" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qtya-dhhw-uqa9" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wgqs-pf23-dkdb" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yjdz-bsf2-xbfz" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5" } ], "aliases": [ "CVE-2024-22208", "GHSA-9hhf-xmcw-r3xg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9hv-md3j-17hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68194?format=api", "vulnerability_id": "VCID-tpbv-urbk-h7gf", "summary": "phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10145", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10135", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1015", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10098", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46359" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46359", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46359" }, { "reference_url": "https://github.com/advisories/GHSA-pm8c-3qq3-72w7", "reference_id": "GHSA-pm8c-3qq3-72w7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm8c-3qq3-72w7" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7", "reference_id": "GHSA-pm8c-3qq3-72w7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields", "reference_id": "phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46359", "GHSA-pm8c-3qq3-72w7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69890?format=api", "vulnerability_id": "VCID-txxg-bugj-6bd4", "summary": "phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15496", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15471", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15503", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45008" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45008", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45008" }, { "reference_url": "https://github.com/advisories/GHSA-gh9p-q46p-57g2", "reference_id": "GHSA-gh9p-q46p-57g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh9p-q46p-57g2" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2", "reference_id": "GHSA-gh9p-q46p-57g2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter", "reference_id": "phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45008", "GHSA-gh9p-q46p-57g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61654?format=api", "vulnerability_id": "VCID-ujpq-qjkp-fygk", "summary": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03118", "scoring_system": "epss", "scoring_elements": "0.87179", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03118", "scoring_system": "epss", "scoring_elements": "0.87176", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03118", "scoring_system": "epss", "scoring_elements": "0.87127", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03118", "scoring_system": "epss", "scoring_elements": "0.87172", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24574" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://www.phpmyfaq.de/security/advisory-2024-02-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyfaq.de/security/advisory-2024-02-05" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/pull/2827", "reference_id": "2827", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T16:38:54Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "reference_id": "5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T16:38:54Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24574", "reference_id": "CVE-2024-24574", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24574" }, { "reference_url": "https://github.com/advisories/GHSA-7m8g-fprr-47fx", "reference_id": "GHSA-7m8g-fprr-47fx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m8g-fprr-47fx" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "reference_id": "GHSA-7m8g-fprr-47fx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T16:38:54Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28753?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-129s-b67r-uyfw" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2na9-t3m7-wfhn" }, { "vulnerability": "VCID-5256-zeqq-yqas" }, { "vulnerability": "VCID-527w-e1dv-qyhe" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-a9tb-yj7x-pya1" }, { "vulnerability": "VCID-cq9g-8pv2-bfcm" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q524-u3fc-2uac" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qtya-dhhw-uqa9" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wgqs-pf23-dkdb" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yjdz-bsf2-xbfz" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5" } ], "aliases": [ "CVE-2024-24574", "GHSA-7m8g-fprr-47fx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujpq-qjkp-fygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68157?format=api", "vulnerability_id": "VCID-vjqh-59nn-5ude", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08901", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46363" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46363", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46363" }, { "reference_url": "https://github.com/advisories/GHSA-f5p7-2c9q-8896", "reference_id": "GHSA-f5p7-2c9q-8896", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f5p7-2c9q-8896" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896", "reference_id": "GHSA-f5p7-2c9q-8896", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass", "reference_id": "phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46363", "GHSA-f5p7-2c9q-8896" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360347?format=api", "vulnerability_id": "VCID-yckn-74u4-pkaw", "summary": "phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n## Summary\n\nThe `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.\n\n## Details\n\nIn `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n $this->userIsAuthenticated(); // Only checks isLoggedIn() — no permission check\n\n $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n if ($this->tags->delete($tagId)) {\n return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n }\n\n return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nCompare with `update()` (line 48-71) which properly enforces authorization:\n\n```php\npublic function update(Request $request): JsonResponse\n{\n $this->userHasPermission(PermissionType::FAQ_EDIT); // Proper permission check\n // ... also verifies CSRF token ...\n}\n```\n\nThe `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:\n\n```php\nprotected function userIsAuthenticated(): void\n{\n if (!$this->currentUser->isLoggedIn()) {\n throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');\n }\n}\n```\n\nThere is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.\n\nAdditionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.\n\n## PoC\n\n```bash\n# Step 1: Register as a regular user on the phpMyFAQ frontend\n# (or use any existing non-admin authenticated session)\n\n# Step 2: As the authenticated non-admin user, delete tag with ID 1:\ncurl -X DELETE 'https://target.com/admin/api/content/tags/1' \\\n -H 'Cookie: PHPSESSID=<regular_user_session>'\n\n# Expected: 401 or 403 (user lacks FAQ_EDIT permission)\n# Actual: 200 OK with {\"success\": \"...\"}\n\n# Step 3: Enumerate and delete all tags:\nfor i in $(seq 1 100); do\n curl -s -X DELETE \"https://target.com/admin/api/content/tags/$i\" \\\n -H 'Cookie: PHPSESSID=<regular_user_session>'\ndone\n```\n\n## Impact\n\nAny authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:\n\n- **Data integrity loss:** Tags are permanently deleted from the database. All FAQ-to-tag associations are destroyed.\n- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.\n- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.\n\nThe impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.\n\n## Recommended Fix\n\nAdd the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n $this->userHasPermission(PermissionType::FAQ_EDIT);\n\n $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n if ($this->tags->delete($tagId)) {\n return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n }\n\n return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nAt minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.", "references": [ { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cx3-2qx2-3g6w" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "GHSA-7cx3-2qx2-3g6w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68203?format=api", "vulnerability_id": "VCID-zr1w-jzzj-a7gd", "summary": "phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15029", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14999", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15028", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14909", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46362" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46362", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46362" }, { "reference_url": "https://github.com/advisories/GHSA-hpgw-ww76-c68r", "reference_id": "GHSA-hpgw-ww76-c68r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hpgw-ww76-c68r" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r", "reference_id": "GHSA-hpgw-ww76-c68r", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check", "reference_id": "phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46362", "GHSA-hpgw-ww76-c68r" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.0.0-beta.3" }