Phpmyfaq
By the Year
In 2024 there have been 3 vulnerabilities in Phpmyfaq with an average score of 6.4 out of ten. Last year Phpmyfaq had 62 security vulnerabilities published. Right now, Phpmyfaq is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.10.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 3 | 6.37 |
2023 | 62 | 6.27 |
2022 | 7 | 6.96 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 8.00 |
It may take a day or so for new Phpmyfaq vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Phpmyfaq Security Vulnerabilities
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases
CVE-2024-22208
6.5 - Medium
- February 05, 2024
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.
AuthZ
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases
CVE-2024-24574
6.1 - Medium
- February 05, 2024
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.
XSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases
CVE-2024-22202
6.5 - Medium
- February 05, 2024
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.
Authorization
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
CVE-2023-6889
5.4 - Medium
- December 16, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
CVE-2023-6890
5.4 - Medium
- December 16, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVE-2023-5863
6.1 - Medium
- October 31, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
CVE-2023-5864
4.8 - Medium
- October 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
XSS
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVE-2023-5865
9.8 - Critical
- October 31, 2023
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
Insufficient Session Expiration
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
CVE-2023-5866
5.7 - Medium
- October 31, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVE-2023-5867
5.4 - Medium
- October 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5317
5.4 - Medium
- September 30, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5319
5.4 - Medium
- September 30, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
XSS
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5320
6.1 - Medium
- September 30, 2023
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
XSS
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2023-5227
9.8 - Critical
- September 30, 2023
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Unrestricted File Upload
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5316
6.1 - Medium
- September 30, 2023
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
CVE-2023-4007
5.4 - Medium
- July 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
XSS
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
CVE-2023-4006
9.8 - Critical
- July 31, 2023
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
CSV Injection
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
CVE-2023-3469
4.8 - Medium
- June 30, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
CVE-2023-2998
6.1 - Medium
- May 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
CVE-2023-2999
6.1 - Medium
- May 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
CVE-2023-2752
5.4 - Medium
- May 17, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
CVE-2023-2753
5.4 - Medium
- May 17, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-2550
4.8 - Medium
- May 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-2427
4.8 - Medium
- May 05, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
XSS
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-2429
9.8 - Critical
- April 30, 2023
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
Authorization
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-2428
5.4 - Medium
- April 30, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1875
5.4 - Medium
- April 22, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1884
6.1 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1880
6.1 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1879
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1878
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1887
4.3 - Medium
- April 05, 2023
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Business Logic Errors
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1886
9.8 - Critical
- April 05, 2023
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Authentication Bypass by Capture-replay
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1883
5.4 - Medium
- April 05, 2023
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Authorization
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1882
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1885
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1758
5.4 - Medium
- April 05, 2023
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Special Element Injection
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1757
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1756
5.4 - Medium
- April 05, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1760
4.8 - Medium
- March 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1759
4.8 - Medium
- March 31, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1762
8.8 - High
- March 31, 2023
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Improper Privilege Management
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1761
5.4 - Medium
- March 31, 2023
Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1753
9.8 - Critical
- March 31, 2023
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Weak Password Requirements
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1755
5.4 - Medium
- March 31, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1754
4.7 - Medium
- March 31, 2023
Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
XSS
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0880
4.3 - Medium
- February 17, 2023
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Misinterpretation of Input
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0794
5.4 - Medium
- February 12, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0791
5.4 - Medium
- February 12, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
XSS
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0789
9.8 - Critical
- February 12, 2023
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Command Injection
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0788
9.8 - Critical
- February 12, 2023
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Code Injection
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0787
5.4 - Medium
- February 12, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
XSS
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0793
8.8 - High
- February 12, 2023
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Weak Password Requirements
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0792
5.4 - Medium
- February 12, 2023
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Code Injection
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0790
8.8 - High
- February 12, 2023
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Uncaught Exception
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0786
4.8 - Medium
- February 12, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0309
5.4 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0311
9.8 - Critical
- January 15, 2023
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
authentification
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0310
5.4 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0308
5.4 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0307
9.8 - Critical
- January 15, 2023
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
Weak Password Requirements
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0306
5.4 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0314
6.1 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0313
5.4 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0312
6.1 - Medium
- January 15, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
XSS
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVE-2022-4409
7.5 - High
- December 11, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
Missing Encryption of Sensitive Data
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVE-2022-4408
5.4 - Medium
- December 11, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVE-2022-4407
6.1 - Medium
- December 11, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3765
5.4 - Medium
- October 31, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3766
6.1 - Medium
- October 31, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
XSS
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3754
9.8 - Critical
- October 29, 2022
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Weak Password Requirements
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
CVE-2022-3608
8.4 - High
- October 19, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
XSS
phpMyFAQ before 2.9.11
CVE-2018-16650
8.8 - High
- September 07, 2018
phpMyFAQ before 2.9.11 allows CSRF.
Session Riding
The admin backend in phpMyFAQ before 2.9.11
CVE-2018-16651
7.2 - High
- September 07, 2018
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
CSV Injection
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization
CVE-2004-2257
- December 31, 2004
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
forced browsing