Thorsten Phpmyfaq

44 CVEs affecting Thorsten Phpmyfaq. Latest disclosed: 2026-05-28. Critical: 2, High: 16.

Top CVEs affecting Thorsten Phpmyfaq
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-46364 | Critical | 9.8 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods t… |
| CVE-2026-45010 | Critical | 9.1 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary… |
| CVE-2026-35671 | High | 8.8 | 2026-05-28 | phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrato… |
| CVE-2024-28107 | High | 8.8 | 2024-03-25 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in th… |
| CVE-2024-27299 | High | 8.8 | 2024-03-25 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the… |
| CVE-2026-34728 | High | 8.7 | 2026-04-02 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser… |
| CVE-2024-54141 | High | 8.6 | 2024-12-06 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgr… |
| CVE-2026-35676 | High | 8.2 | 2026-05-28 | phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account… |
| CVE-2026-35675 | High | 8.2 | 2026-05-28 | phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user ac… |
| CVE-2025-59943 | High | 8.1 | 2025-10-03 | phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration… |
| CVE-2026-46367 | High | 7.6 | 2026-05-15 | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malfor… |
| CVE-2026-35672 | High | 7.5 | 2026-05-28 | phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to cr… |
| CVE-2026-46366 | High | 7.5 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenti… |
| CVE-2026-46359 | High | 7.5 | 2026-05-15 | phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injec… |
| CVE-2026-27836 | High | 7.5 | 2026-02-27 | phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accoun… |
| CVE-2025-69200 | High | 7.5 | 2025-12-29 | phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backu… |
| CVE-2025-62519 | High | 7.2 | 2025-11-17 | phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update function… |
| CVE-2024-28105 | High | 7.2 | 2024-03-25 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulner… |
| CVE-2026-46361 | Medium | 6.9 | 2026-05-15 | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the… |
| CVE-2026-46362 | Medium | 6.5 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution… |