National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:phpmyfaq:phpmyfaq:1.2.0
There are 31 matching records.
Displaying matches 21 through 31.
Vuln ID Summary CVSS Severity
CVE-2017-14618

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

Published: September 20, 2017; 05:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2017-11187

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.

Published: July 12, 2017; 10:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2017-7579

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.

Published: April 07, 2017; 12:59:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2014-0814

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2014; 11:55:13 AM -05:00
V2: 4.3 MEDIUM
CVE-2014-0813

Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.

Published: February 14, 2014; 11:55:13 AM -05:00
V2: 6.8 MEDIUM
CVE-2010-4821

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Published: October 22, 2012; 07:55:04 PM -04:00
V2: 4.3 MEDIUM
CVE-2009-4780

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: April 21, 2010; 10:30:00 AM -04:00
V2: 4.3 MEDIUM
CVE-2009-4040

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.

Published: November 20, 2009; 02:30:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2007-1032

Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."

Published: February 21, 2007; 06:28:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2006-6912

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2006-6913

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 7.5 HIGH