{"url":"http://public2.vulnerablecode.io/api/packages/767201?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.7","type":"composer","namespace":"thorsten","name":"phpmyfaq","version":"3.2.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.3","latest_non_vulnerable_version":"4.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68252?format=json","vulnerability_id":"VCID-1qwx-htn1-4bg8","summary":"phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46364","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2036","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92161","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92165","published_at":"2026-06-14T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92167","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46364"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46364","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46364"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92","reference_id":"b9f25109fddb38eee19987183798638d07943f92","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92"},{"reference_url":"https://github.com/advisories/GHSA-289f-fq7w-6q2w","reference_id":"GHSA-289f-fq7w-6q2w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-289f-fq7w-6q2w"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w","reference_id":"GHSA-289f-fq7w-6q2w","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","reference_id":"phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46364","GHSA-289f-fq7w-6q2w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59507?format=json","vulnerability_id":"VCID-2bsv-7dt5-6qcu","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55889","reference_id":"","reference_type":"","scores":[{"value":"0.09124","scoring_system":"epss","scoring_elements":"0.92857","published_at":"2026-06-11T12:55:00Z"},{"value":"0.09124","scoring_system":"epss","scoring_elements":"0.9288","published_at":"2026-06-12T12:55:00Z"},{"value":"0.09124","scoring_system":"epss","scoring_elements":"0.92881","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55889"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55889","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55889"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt","reference_id":"CVE-2024-55889","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d","reference_id":"fa0f7368dc3288eedb1915def64ef8fb270f711d","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d"},{"reference_url":"https://github.com/advisories/GHSA-m3r7-8gw7-qwvc","reference_id":"GHSA-m3r7-8gw7-qwvc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3r7-8gw7-qwvc"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc","reference_id":"GHSA-m3r7-8gw7-qwvc","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372314?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.10"}],"aliases":["CVE-2024-55889","GHSA-m3r7-8gw7-qwvc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bsv-7dt5-6qcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83111?format=json","vulnerability_id":"VCID-57ev-2w6v-mbbs","summary":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24421","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50491","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50496","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50509","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24421"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt","reference_id":"CVE-2026-24421","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24421","reference_id":"CVE-2026-24421","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24421"},{"reference_url":"https://github.com/advisories/GHSA-wm8h-26fv-mg7g","reference_id":"GHSA-wm8h-26fv-mg7g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wm8h-26fv-mg7g"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g","reference_id":"GHSA-wm8h-26fv-mg7g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38149?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24421","GHSA-wm8h-26fv-mg7g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68191?format=json","vulnerability_id":"VCID-5pw3-qxh6-6ufr","summary":"phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46366","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23541","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23563","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46366"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46366"},{"reference_url":"https://github.com/advisories/GHSA-99qv-g4x9-mgc3","reference_id":"GHSA-99qv-g4x9-mgc3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99qv-g4x9-mgc3"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3","reference_id":"GHSA-99qv-g4x9-mgc3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","reference_id":"phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46366","GHSA-99qv-g4x9-mgc3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102633?format=json","vulnerability_id":"VCID-5wsg-7979-dqgs","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62519","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30546","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3035","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35551","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35568","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62519"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14","reference_id":"4.0.13...4.0.14","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62519","reference_id":"CVE-2025-62519","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62519"},{"reference_url":"https://github.com/advisories/GHSA-fxm2-cmwj-qvx4","reference_id":"GHSA-fxm2-cmwj-qvx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxm2-cmwj-qvx4"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4","reference_id":"GHSA-fxm2-cmwj-qvx4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35278?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-x8f6-wx6k-f3d5"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.14"}],"aliases":["CVE-2025-62519","GHSA-fxm2-cmwj-qvx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83252?format=json","vulnerability_id":"VCID-6jmj-n5mz-bba8","summary":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24420","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03833","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03857","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03844","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03854","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24420"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24420","reference_id":"CVE-2026-24420","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24420"},{"reference_url":"https://github.com/advisories/GHSA-7p9h-m7m8-vhhv","reference_id":"GHSA-7p9h-m7m8-vhhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7p9h-m7m8-vhhv"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv","reference_id":"GHSA-7p9h-m7m8-vhhv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38149?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24420","GHSA-7p9h-m7m8-vhhv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68138?format=json","vulnerability_id":"VCID-7tpb-1avq-zfhu","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46361","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01334","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01347","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01344","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01337","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46361"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46361","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46361"},{"reference_url":"https://github.com/advisories/GHSA-pqh6-8fxf-jx22","reference_id":"GHSA-pqh6-8fxf-jx22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pqh6-8fxf-jx22"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22","reference_id":"GHSA-pqh6-8fxf-jx22","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","reference_id":"phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46361","GHSA-pqh6-8fxf-jx22"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69892?format=json","vulnerability_id":"VCID-8k51-budg-h3ak","summary":"phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45007","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01073","published_at":"2026-06-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01082","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0108","published_at":"2026-06-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01076","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45007"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45007","reference_id":"CVE-2026-45007","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45007"},{"reference_url":"https://github.com/advisories/GHSA-rm98-82fr-mcfx","reference_id":"GHSA-rm98-82fr-mcfx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm98-82fr-mcfx"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx","reference_id":"GHSA-rm98-82fr-mcfx","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","reference_id":"phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45007","GHSA-rm98-82fr-mcfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359189?format=json","vulnerability_id":"VCID-9mx6-54u5-fugf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34974","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.127","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1279","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12799","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12781","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34974"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34974","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34974"},{"reference_url":"https://github.com/advisories/GHSA-5crx-pfhq-4hgg","reference_id":"GHSA-5crx-pfhq-4hgg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5crx-pfhq-4hgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373289?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-34974","GHSA-5crx-pfhq-4hgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mx6-54u5-fugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30801?format=json","vulnerability_id":"VCID-b64e-gffa-5kg7","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54141","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60264","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60258","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60253","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60147","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54141"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54141","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54141"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe","reference_id":"b9289a0b2233df864361c131cd177b6715fbb0fe","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe"},{"reference_url":"https://github.com/advisories/GHSA-vrjr-p3xp-xx2x","reference_id":"GHSA-vrjr-p3xp-xx2x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrjr-p3xp-xx2x"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x","reference_id":"GHSA-vrjr-p3xp-xx2x","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372524?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.0"}],"aliases":["CVE-2024-54141","GHSA-vrjr-p3xp-xx2x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b64e-gffa-5kg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68143?format=json","vulnerability_id":"VCID-ecpv-3xqn-eqf8","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46360","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08945","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08949","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46360"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46360","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46360"},{"reference_url":"https://github.com/advisories/GHSA-whqh-9pq5-c7r3","reference_id":"GHSA-whqh-9pq5-c7r3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whqh-9pq5-c7r3"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3","reference_id":"GHSA-whqh-9pq5-c7r3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","reference_id":"phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46360","GHSA-whqh-9pq5-c7r3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80126?format=json","vulnerability_id":"VCID-emzq-e5ru-w3cx","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27836","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19686","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19689","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19515","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1971","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27836"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27836","reference_id":"CVE-2026-27836","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27836"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1","reference_id":"f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1"},{"reference_url":"https://github.com/advisories/GHSA-w22q-m2fm-x9f4","reference_id":"GHSA-w22q-m2fm-x9f4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w22q-m2fm-x9f4"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4","reference_id":"GHSA-w22q-m2fm-x9f4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39980?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.18"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-27836","GHSA-w22q-m2fm-x9f4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emzq-e5ru-w3cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83223?format=json","vulnerability_id":"VCID-p68j-sbvd-yuh4","summary":"phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24422","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06222","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06194","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06211","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24422"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24422","reference_id":"CVE-2026-24422","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24422"},{"reference_url":"https://github.com/advisories/GHSA-j4rc-96xj-gvqc","reference_id":"GHSA-j4rc-96xj-gvqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4rc-96xj-gvqc"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc","reference_id":"GHSA-j4rc-96xj-gvqc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38149?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24422","GHSA-j4rc-96xj-gvqc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74750?format=json","vulnerability_id":"VCID-q6zp-tnjb-pye3","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34973","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29774","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29776","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29577","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29792","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34973"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34973","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34973"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1","reference_id":"4.1.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1"},{"reference_url":"https://github.com/advisories/GHSA-gcp9-5jc8-976x","reference_id":"GHSA-gcp9-5jc8-976x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcp9-5jc8-976x"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x","reference_id":"GHSA-gcp9-5jc8-976x","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373289?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-34973","GHSA-gcp9-5jc8-976x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zp-tnjb-pye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359156?format=json","vulnerability_id":"VCID-qhsm-g24v-k7gj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32629","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41566","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41732","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41751","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4174","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32629"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32629","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32629"},{"reference_url":"https://github.com/advisories/GHSA-98gw-w575-h2ph","reference_id":"GHSA-98gw-w575-h2ph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98gw-w575-h2ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373289?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-32629","GHSA-98gw-w575-h2ph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69871?format=json","vulnerability_id":"VCID-rrz3-kbbd-eyhq","summary":"phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45010","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41229","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4124","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41249","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41063","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45010"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45010","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45010"},{"reference_url":"https://github.com/advisories/GHSA-9pq7-mfwh-xx2j","reference_id":"GHSA-9pq7-mfwh-xx2j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9pq7-mfwh-xx2j"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j","reference_id":"GHSA-9pq7-mfwh-xx2j","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","reference_id":"phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45010","GHSA-9pq7-mfwh-xx2j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68194?format=json","vulnerability_id":"VCID-tpbv-urbk-h7gf","summary":"phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46359","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10145","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10135","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1015","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10098","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46359"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46359"},{"reference_url":"https://github.com/advisories/GHSA-pm8c-3qq3-72w7","reference_id":"GHSA-pm8c-3qq3-72w7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm8c-3qq3-72w7"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7","reference_id":"GHSA-pm8c-3qq3-72w7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","reference_id":"phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46359","GHSA-pm8c-3qq3-72w7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69890?format=json","vulnerability_id":"VCID-txxg-bugj-6bd4","summary":"phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45008","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15496","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15471","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15503","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45008"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45008","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45008"},{"reference_url":"https://github.com/advisories/GHSA-gh9p-q46p-57g2","reference_id":"GHSA-gh9p-q46p-57g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh9p-q46p-57g2"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2","reference_id":"GHSA-gh9p-q46p-57g2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","reference_id":"phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45008","GHSA-gh9p-q46p-57g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/123709?format=json","vulnerability_id":"VCID-u37t-naar-pbav","summary":"phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69200","reference_id":"","reference_type":"","scores":[{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86195","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86197","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86186","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86136","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69200"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a","reference_id":"b0e99ee3695152115841cb546d8dce64ceb8c29a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69200","reference_id":"CVE-2025-69200","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69200"},{"reference_url":"https://github.com/advisories/GHSA-9cg9-4h4f-j6fg","reference_id":"GHSA-9cg9-4h4f-j6fg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cg9-4h4f-j6fg"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg","reference_id":"GHSA-9cg9-4h4f-j6fg","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36384?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.16"}],"aliases":["CVE-2025-69200","GHSA-9cg9-4h4f-j6fg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u37t-naar-pbav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68157?format=json","vulnerability_id":"VCID-vjqh-59nn-5ude","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46363","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08945","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08949","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46363"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46363","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46363"},{"reference_url":"https://github.com/advisories/GHSA-f5p7-2c9q-8896","reference_id":"GHSA-f5p7-2c9q-8896","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f5p7-2c9q-8896"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896","reference_id":"GHSA-f5p7-2c9q-8896","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","reference_id":"phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46363","GHSA-f5p7-2c9q-8896"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360347?format=json","vulnerability_id":"VCID-yckn-74u4-pkaw","summary":"phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n## Summary\n\nThe `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.\n\n## Details\n\nIn `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n    $this->userIsAuthenticated();  // Only checks isLoggedIn() — no permission check\n\n    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n    if ($this->tags->delete($tagId)) {\n        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n    }\n\n    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nCompare with `update()` (line 48-71) which properly enforces authorization:\n\n```php\npublic function update(Request $request): JsonResponse\n{\n    $this->userHasPermission(PermissionType::FAQ_EDIT);  // Proper permission check\n    // ... also verifies CSRF token ...\n}\n```\n\nThe `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:\n\n```php\nprotected function userIsAuthenticated(): void\n{\n    if (!$this->currentUser->isLoggedIn()) {\n        throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');\n    }\n}\n```\n\nThere is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.\n\nAdditionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.\n\n## PoC\n\n```bash\n# Step 1: Register as a regular user on the phpMyFAQ frontend\n# (or use any existing non-admin authenticated session)\n\n# Step 2: As the authenticated non-admin user, delete tag with ID 1:\ncurl -X DELETE 'https://target.com/admin/api/content/tags/1' \\\n  -H 'Cookie: PHPSESSID=<regular_user_session>'\n\n# Expected: 401 or 403 (user lacks FAQ_EDIT permission)\n# Actual: 200 OK with {\"success\": \"...\"}\n\n# Step 3: Enumerate and delete all tags:\nfor i in $(seq 1 100); do\n  curl -s -X DELETE \"https://target.com/admin/api/content/tags/$i\" \\\n    -H 'Cookie: PHPSESSID=<regular_user_session>'\ndone\n```\n\n## Impact\n\nAny authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:\n\n- **Data integrity loss:** Tags are permanently deleted from the database. All FAQ-to-tag associations are destroyed.\n- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.\n- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.\n\nThe impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.\n\n## Recommended Fix\n\nAdd the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n    $this->userHasPermission(PermissionType::FAQ_EDIT);\n\n    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n    if ($this->tags->delete($tagId)) {\n        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n    }\n\n    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nAt minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.","references":[{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/advisories/GHSA-7cx3-2qx2-3g6w","reference_id":"GHSA-7cx3-2qx2-3g6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cx3-2qx2-3g6w"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w","reference_id":"GHSA-7cx3-2qx2-3g6w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["GHSA-7cx3-2qx2-3g6w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68203?format=json","vulnerability_id":"VCID-zr1w-jzzj-a7gd","summary":"phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46362","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15029","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14999","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15028","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14909","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46362"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46362","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46362"},{"reference_url":"https://github.com/advisories/GHSA-hpgw-ww76-c68r","reference_id":"GHSA-hpgw-ww76-c68r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpgw-ww76-c68r"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r","reference_id":"GHSA-hpgw-ww76-c68r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","reference_id":"phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46362","GHSA-hpgw-ww76-c68r"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.7"}