CPE Details

phpMyFAQ phpMyFAQ 3.0.0 Release Candidate 2

Vendor

phpmyfaq

Product

phpmyfaq

Version

3.0.0

Created

2022-10-20 14:13 +00:00

Last Modified

2022-10-20 14:20 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Alert management

List of Alerts

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:phpmyfaq:phpmyfaq:3.0.0:rc2::::::

Informations

Vendor

phpmyfaq

Product

phpmyfaq

Version

3.0.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-24574	2024-02-05 20:57 +00:00	phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.	6.5	MEDIUM
CVE-2024-22208	2024-02-05 20:44 +00:00	phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.	6.5	MEDIUM
CVE-2024-22202	2024-02-05 19:39 +00:00	phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.	6.5	MEDIUM
CVE-2023-6890	2023-12-16 08:57 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.	5.4	MEDIUM
CVE-2023-6889	2023-12-16 08:57 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.	5.4	MEDIUM
CVE-2023-5866	2023-10-31 00:00 +00:00	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.	5.7	MEDIUM
CVE-2023-5867	2023-10-31 00:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.	5.4	MEDIUM
CVE-2023-5865	2023-10-31 00:00 +00:00	Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.	9.8	CRITICAL
CVE-2023-5864	2023-10-31 00:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.	4.8	MEDIUM
CVE-2023-5863	2023-10-31 00:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.	6.1	MEDIUM
CVE-2023-5320	2023-09-30 00:00 +00:00	Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.	6.1	MEDIUM
CVE-2023-5317	2023-09-30 00:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.	5.4	MEDIUM
CVE-2023-5316	2023-09-30 00:00 +00:00	Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.	6.1	MEDIUM
CVE-2023-5319	2023-09-30 00:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.	5.4	MEDIUM
CVE-2023-5227	2023-09-30 00:00 +00:00	Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.	9.8	CRITICAL
CVE-2023-4007	2023-07-31 00:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.	5.4	MEDIUM
CVE-2023-4006	2023-07-31 00:00 +00:00	Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.	9.8	CRITICAL
CVE-2023-3469	2023-06-30 00:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.	4.8	MEDIUM
CVE-2023-2998	2023-05-30 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.	6.1	MEDIUM
CVE-2023-2999	2023-05-30 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.	6.1	MEDIUM
CVE-2023-2752	2023-05-16 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.	5.4	MEDIUM
CVE-2023-2753	2023-05-16 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.	5.4	MEDIUM
CVE-2023-2427	2023-05-04 22:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.	4.8	MEDIUM
CVE-2023-2550	2023-05-04 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.	4.8	MEDIUM
CVE-2023-2428	2023-04-29 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.	5.4	MEDIUM
CVE-2023-2429	2023-04-29 22:00 +00:00	Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.	9.8	CRITICAL
CVE-2023-1875	2023-04-21 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1756	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1757	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1758	2023-04-04 22:00 +00:00	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1878	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1879	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1880	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	6.1	MEDIUM
CVE-2023-1882	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1883	2023-04-04 22:00 +00:00	Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1884	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	6.1	MEDIUM
CVE-2023-1885	2023-04-04 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	6.3	MEDIUM
CVE-2023-1886	2023-04-04 22:00 +00:00	Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	9.8	CRITICAL
CVE-2023-1887	2023-04-04 22:00 +00:00	Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	4.3	MEDIUM
CVE-2023-1753	2023-03-30 22:00 +00:00	Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	9.8	CRITICAL
CVE-2023-1754	2023-03-30 22:00 +00:00	Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	4.7	MEDIUM
CVE-2023-1755	2023-03-30 22:00 +00:00	Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	5.4	MEDIUM
CVE-2023-1759	2023-03-30 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	4.8	MEDIUM
CVE-2023-1760	2023-03-30 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	4.8	MEDIUM
CVE-2023-1761	2023-03-30 22:00 +00:00	Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	6.3	MEDIUM
CVE-2023-1762	2023-03-30 22:00 +00:00	Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	8.8	HIGH
CVE-2023-0880	2023-02-16 23:00 +00:00	Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.3	HIGH
CVE-2023-0786	2023-02-11 23:00 +00:00	Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.4	HIGH
CVE-2023-0787	2023-02-11 23:00 +00:00	Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.1	HIGH
CVE-2023-0788	2023-02-11 23:00 +00:00	Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	9.8	CRITICAL
CVE-2023-0789	2023-02-11 23:00 +00:00	Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	9.8	CRITICAL
CVE-2023-0790	2023-02-11 23:00 +00:00	Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.8	HIGH
CVE-2023-0791	2023-02-11 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.3	HIGH
CVE-2023-0792	2023-02-11 23:00 +00:00	Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	6.5	MEDIUM
CVE-2023-0793	2023-02-11 23:00 +00:00	Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.8	HIGH
CVE-2023-0794	2023-02-11 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.	8.3	HIGH
CVE-2023-0306	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	5.4	MEDIUM
CVE-2023-0307	2023-01-14 23:00 +00:00	Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	9.8	CRITICAL
CVE-2023-0308	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	5.4	MEDIUM
CVE-2023-0309	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	5.4	MEDIUM
CVE-2023-0310	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	5.4	MEDIUM
CVE-2023-0311	2023-01-14 23:00 +00:00	Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	9.8	CRITICAL
CVE-2023-0312	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	6.1	MEDIUM
CVE-2023-0313	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	5.4	MEDIUM
CVE-2023-0314	2023-01-14 23:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.	6.1	MEDIUM
CVE-2022-4407	2022-12-10 23:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.	6.1	MEDIUM
CVE-2022-4408	2022-12-10 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.	5.4	MEDIUM
CVE-2022-4409	2022-12-10 23:00 +00:00	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.	7.5	HIGH
CVE-2022-3765	2022-10-30 23:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.	5.4	MEDIUM
CVE-2022-3766	2022-10-30 23:00 +00:00	Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.	6.1	MEDIUM
CVE-2022-3754	2022-10-28 22:00 +00:00	Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.	9.8	CRITICAL
CVE-2022-3608	2022-10-18 22:00 +00:00	Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.	8.4	HIGH

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

CPE Details

Alerte pour un CPE

Functionality requiring a connection

CPE Name: cpe:2.3:a:phpmyfaq:phpmyfaq:3.0.0:rc2::::::

Informations

Vendor

Product

Version

Update

Related CVE

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

CVE

OWASP

CISA KEV

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

No result found

Alert System

phpMyFAQ phpMyFAQ 3.0.0 Release Candidate 2

CPE Details

Alerte pour un CPE

CPE Name: cpe:2.3:a:phpmyfaq:phpmyfaq:3.0.0:rc2:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:phpmyfaq:phpmyfaq:3.0.0:rc2::::::