National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:phpmyfaq:phpmyfaq:2.9.6
There are 17 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-16651

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

Published: September 07, 2018; 01:29:00 AM -04:00
V3.0: 7.2 HIGH
    V2: 9.0 HIGH
CVE-2018-16650

phpMyFAQ before 2.9.11 allows CSRF.

Published: September 07, 2018; 01:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15809

In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.

Published: October 23, 2017; 01:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.

Published: October 23, 2017; 01:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15735

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15734

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15733

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15732

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15731

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15730

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15729

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15728

In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2017-15727

In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.

Published: October 22, 2017; 02:29:00 PM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2017-14619

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Published: September 20, 2017; 05:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-14618

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

Published: September 20, 2017; 05:29:00 PM -04:00
V3.0: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2017-11187

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.

Published: July 12, 2017; 10:29:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2017-7579

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.

Published: April 07, 2017; 12:59:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM