Filtered by vendor Phpmyfaq
Subscriptions
Total
116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-14619 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-23 | N/A |
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | ||||
CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-23 | N/A |
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | ||||
CVE-2014-0813 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-08-29 | N/A |
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | ||||
CVE-2010-4821 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-08-29 | N/A |
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | ||||
CVE-2007-1032 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-29 | N/A |
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." | ||||
CVE-2006-6912 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-29 | N/A |
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | ||||
CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | N/A |
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | ||||
CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | N/A |
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | ||||
CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | N/A |
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | ||||
CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-04-12 | N/A |
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | ||||
CVE-2005-3050 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | N/A |
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message. | ||||
CVE-2005-3048 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | N/A |
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file. | ||||
CVE-2005-3047 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php. | ||||
CVE-2005-3046 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | N/A |
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. | ||||
CVE-2014-0814 | 1 Phpmyfaq | 1 Phpmyfaq | 2014-02-21 | N/A |
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2006-6913 | 1 Phpmyfaq | 1 Phpmyfaq | 2011-03-08 | N/A |
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. |