| Severity | Score | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.8 | CVE-2026-46364 | phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha | from 0, < 4.1.2 |
| CRITICAL | 9.1 | CVE-2026-45010 | phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id | from 0, < 4.1.2 |
| HIGH | 8.8 | | phpMyFAQ: IDOR Account Takeover | from 0, < 4.1.3 |
| HIGH | 8.8 | | phpMyFAQ contains a CSV injection vulnerability | from 0, <= 3.1.12 |
| HIGH | 8.8 | | phpMyFAQ SQL injections at insertentry & saveentry | >= 3.2.5, < 3.2.6 |
| HIGH | 8.8 | | phpMyFAQ SQL Injection at "Save News" | >= 3.2.5, < 3.2.6 |
| HIGH | 8.7 | | phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController | from 0, < 4.1.1 |
| HIGH | 8.4 | | phpMyFAQ vulnerable to Cross-site Scripting | from 0, < 3.2.0-alpha |
| HIGH | 8.2 | | phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration | from 0, < 4.1.3 |
| HIGH | 8.2 | | phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation | from 0, < 4.1.3 |
| HIGH | 7.6 | | Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering | from 0, < 4.1.2 |
| HIGH | 7.6 | | Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering | >= 4.1.1, < 4.1.2 |
| HIGH | 7.5 | | phpMyFAQ: Default Empty API Token Authentication Bypass | from 0, < 4.1.3 |
| HIGH | 7.5 | | phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query | from 0, < 4.1.2 |
| HIGH | 7.5 | | phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields | from 0, < 4.1.2 |
| HIGH | 7.2 | | phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality | from 0, < 4.0.14 |
| HIGH | 7.2 | | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE | >= 3.2.5, < 3.2.6 |
| MEDIUM | 6.9 | | phpMyFAQ has stored XSS via \| raw Filter in search.twig (html_entity_decode(strip_tags()) Bypass in Search Result Rendering) | from 0, < 4.1.2 |
| MEDIUM | 6.5 | | Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins | from 0, < 4.1.2 |
| MEDIUM | 6.5 | | phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check | from 0, < 4.1.2 |
| MEDIUM | 6.5 | | phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) | from 0, < 4.0.17 |
| MEDIUM | 6.5 | | phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) | from 0, < 4.0.17 |
| MEDIUM | 6.5 | | phpMyFAQ vulnerable to stored XSS on attachments filename | from 0, < 3.2.5 |
| MEDIUM | 6.5 | | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes | from 0, < 3.2.5 |
| MEDIUM | 6.1 | | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() | from 0, < 4.1.1 |
| MEDIUM | 5.7 | | phpMyFAQ User Removal Page Allows Spoofing Of User Details | from 0, < 3.2.5 |
| MEDIUM | 5.5 | | phpMyFAQ stored Cross-site Scripting at user email | >= 3.2.5, < 3.2.6 |
| MEDIUM | 5.4 | | Duplicate Advisory: phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization | from 0, < 4.1.2 |
| MEDIUM | 5.4 | | Duplicate Advisory: phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS | from 0, < 4.1.2 |
| MEDIUM | 5.3 | | phpMyFAQ: Public API endpoints expose emails and invisible questions | from 0, < 4.0.17 |
| MEDIUM | 5.2 | | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ | >= 3.2.10, <= 4.0.1 |
| MEDIUM | 5.1 | | phpMyFAQ Stored HTML Injection at contentLink | >= 3.2.5, < 3.2.6 |
| MEDIUM | 4.3 | | phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ | >= 4.1.1, < 4.1.2 |
| MEDIUM | 4.3 | | phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User | from 0, < 4.1.2 |
| MEDIUM | 4.3 | | phpMyFAQ Stored Cross-site Scripting at FAQ News Content | >= 3.2.5, < 3.2.6 |
| MEDIUM | 4.3 | | phpMyFAQ Stored Cross-site Scripting at File Attachments | >= 3.2.5, < 3.2.6 |
| LOW | 3.8 | | phpMyFAQ Path Traversal in Attachments | >= 3.2.5, < 3.2.6 |
| — | | | phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor | from 0, < 4.1.1 |
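The practical question this list raises is which entries apply to a given deployment. The affected-version expressions above mix open lower bounds ("from 0"), inclusive and exclusive upper bounds ("<= 3.1.12" versus "< 3.2.6"), narrow windows (">= 3.2.5, < 3.2.6") and a pre-release bound ("< 3.2.0-alpha"), so a naive string comparison gets several of them wrong. The script below is an added example, not code from phpMyFAQ or from the advisory database: it parses that range grammar and matches an installed version against a subset of the entries copied from the table. It assumes SemVer ordering for pre-release tags (a version carrying "-alpha" sorts before the final release of the same number), which is an assumption about the page's notation rather than something the page states.

```python
"""Match an installed phpMyFAQ version against advisory affected-version ranges.

Added example; not part of the advisory listing or the phpMyFAQ project.
"""
import operator
import re
from typing import Callable

VersionKey = tuple[int, int, int, int, str]

# Subset of (advisory title, affected range) pairs copied from the listing above.
ADVISORIES: list[tuple[str, str]] = [
    ("phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha",
     "from 0, < 4.1.2"),
    ("phpMyFAQ: IDOR Account Takeover", "from 0, < 4.1.3"),
    ("phpMyFAQ contains a CSV injection vulnerability", "from 0, <= 3.1.12"),
    ("phpMyFAQ SQL injections at insertentry & saveentry", ">= 3.2.5, < 3.2.6"),
    ("phpMyFAQ vulnerable to Cross-site Scripting", "from 0, < 3.2.0-alpha"),
    ("phpMyFAQ Vulnerable to Stored HTML Injection at FAQ", ">= 3.2.10, <= 4.0.1"),
    ("phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints",
     ">= 4.1.1, < 4.1.2"),
]

# "from X" is the listing's spelling of ">= X"; the other operators are literal.
OPS: dict[str, Callable[[VersionKey, VersionKey], bool]] = {
    "from": operator.ge,
    ">=": operator.ge,
    ">": operator.gt,
    "<=": operator.le,
    "<": operator.lt,
}
# Longer operators first so "<=" is not tokenised as "<" followed by "=".
_CLAUSE = re.compile(r"(from|<=|>=|<|>)\s*([0-9][0-9A-Za-z.\-]*)")


def version_key(version: str) -> VersionKey:
    """Turn '3.2.0-alpha' into a tuple that compares correctly.

    Numeric components are padded to major.minor.patch. A pre-release tag makes
    the version sort before the plain release of the same number (SemVer rule,
    assumed here for the listing's '3.2.0-alpha' bound).
    """
    core, _, prerelease = version.strip().partition("-")
    nums = [int(part) for part in core.split(".")]
    nums += [0] * (3 - len(nums))
    return (nums[0], nums[1], nums[2], 0 if prerelease else 1, prerelease)


def parse_range(expr: str) -> list[tuple[Callable[[VersionKey, VersionKey], bool], VersionKey]]:
    """Parse 'from 0, < 4.1.2' into [(>=, key(0)), (<, key(4.1.2))]."""
    clauses = _CLAUSE.findall(expr)
    if not clauses:
        raise ValueError(f"unparseable affected-version range: {expr!r}")
    return [(OPS[op], version_key(bound)) for op, bound in clauses]


def is_affected(installed: str, expr: str) -> bool:
    """True when every clause of the range holds for the installed version."""
    key = version_key(installed)
    return all(check(key, bound) for check, bound in parse_range(expr))


def matching_advisories(installed: str, advisories=ADVISORIES) -> list[str]:
    """Titles of the advisories whose affected range contains `installed`."""
    return [title for title, rng in advisories if is_affected(installed, rng)]


if __name__ == "__main__":
    for version in ("3.1.12", "3.2.5", "4.1.1", "4.1.3"):
        hits = matching_advisories(version)
        print(f"{version}: {len(hits)} applicable advisories")
        for title in hits:
            print(f"  - {title}")
```

Two behaviours are worth noticing when running it: "3.2.0" is not matched by "< 3.2.0-alpha" (the alpha sorts below the release, so the range ends before 3.2.0), and a narrow window such as ">= 3.2.5, < 3.2.6" only fires for 3.2.5 and its pre-releases, which is why a deployment on 3.2.4 or 3.2.6 reports nothing for those entries even though they are rated HIGH.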