phpmyfaq

Top products

The 15 most recently published vulnerabilities affecting phpmyfaq.

• CVE-2026-56396phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()8.8Jun 21, 2026
• CVE-2026-34974phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation5.4Apr 2, 2026
• CVE-2026-34973phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure5.3Apr 2, 2026
• CVE-2026-34729phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()6.1Apr 2, 2026
• CVE-2026-34728phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController8.7Apr 2, 2026
• CVE-2026-32629phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor6.1Apr 2, 2026
• CVE-2026-27836phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint7.5Feb 27, 2026
• CVE-2026-24422phpMyFAQ: Public API endpoints expose emails and invisible questions5.3Jan 24, 2026
• CVE-2026-24420phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)6.5Jan 24, 2026
• CVE-2026-24421phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user6.5Jan 24, 2026
• CVE-2025-69200phpMyFAQ has unauthenticated config backup download via /api/setup/backup7.5Dec 29, 2025
• CVE-2025-68951phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig |raw5.4Dec 29, 2025
• CVE-2023-53929phpMyFAQ 3.1.12 CSV Injection via User Profile Export8.8Dec 17, 2025
• CVE-2025-62519phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality7.2Nov 17, 2025
• CVE-2025-59943phpMyFAQ duplicate email registration allows multiple accounts with the same email8.1Oct 3, 2025