Phpmyfaq Phpmyfaq

  1. Vendors
  2. Phpmyfaq
  3. Phpmyfaq
Do you want an email whenever new security vulnerabilities are reported in Phpmyfaq?

By the Year

In 2024 there have been 3 vulnerabilities in Phpmyfaq with an average score of 6.4 out of ten. Last year Phpmyfaq had 62 security vulnerabilities published. Right now, Phpmyfaq is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.10.

Year Vulnerabilities Average Score
2024 3 6.37
2023 62 6.27
2022 7 6.96
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 2 8.00

It may take a day or so for new Phpmyfaq vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Phpmyfaq Security Vulnerabilities

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases

CVE-2024-22208 6.5 - Medium - February 05, 2024

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.

AuthZ

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases

CVE-2024-24574 6.1 - Medium - February 05, 2024

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.

XSS

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases

CVE-2024-22202 6.5 - Medium - February 05, 2024

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.

Authorization

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

CVE-2023-6889 5.4 - Medium - December 16, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

CVE-2023-6890 5.4 - Medium - December 16, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CVE-2023-5863 6.1 - Medium - October 31, 2023

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

CVE-2023-5864 4.8 - Medium - October 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

XSS

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CVE-2023-5865 9.8 - Critical - October 31, 2023

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

Insufficient Session Expiration

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

CVE-2023-5866 5.7 - Medium - October 31, 2023

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CVE-2023-5867 5.4 - Medium - October 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5317 5.4 - Medium - September 30, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5319 5.4 - Medium - September 30, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

XSS

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5320 6.1 - Medium - September 30, 2023

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

XSS

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVE-2023-5227 9.8 - Critical - September 30, 2023

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

Unrestricted File Upload

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5316 6.1 - Medium - September 30, 2023

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

CVE-2023-4007 5.4 - Medium - July 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

XSS

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

CVE-2023-4006 9.8 - Critical - July 31, 2023

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

CSV Injection

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.

CVE-2023-3469 4.8 - Medium - June 30, 2023

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

CVE-2023-2998 6.1 - Medium - May 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

CVE-2023-2999 6.1 - Medium - May 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

CVE-2023-2752 5.4 - Medium - May 17, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

CVE-2023-2753 5.4 - Medium - May 17, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

CVE-2023-2550 4.8 - Medium - May 05, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

CVE-2023-2427 4.8 - Medium - May 05, 2023

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

XSS

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

CVE-2023-2429 9.8 - Critical - April 30, 2023

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

Authorization

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

CVE-2023-2428 5.4 - Medium - April 30, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1875 5.4 - Medium - April 22, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1884 6.1 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1880 6.1 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1879 5.4 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1878 5.4 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1887 4.3 - Medium - April 05, 2023

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Business Logic Errors

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1886 9.8 - Critical - April 05, 2023

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Authentication Bypass by Capture-replay

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1883 5.4 - Medium - April 05, 2023

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Authorization

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1882 5.4 - Medium - April 05, 2023

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1885 5.4 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1758 5.4 - Medium - April 05, 2023

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Special Element Injection

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1757 5.4 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1756 5.4 - Medium - April 05, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1760 4.8 - Medium - March 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1759 4.8 - Medium - March 31, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1762 8.8 - High - March 31, 2023

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Improper Privilege Management

Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1761 5.4 - Medium - March 31, 2023

Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1753 9.8 - Critical - March 31, 2023

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Weak Password Requirements

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1755 5.4 - Medium - March 31, 2023

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1754 4.7 - Medium - March 31, 2023

Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

XSS

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0880 4.3 - Medium - February 17, 2023

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Misinterpretation of Input

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0794 5.4 - Medium - February 12, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0791 5.4 - Medium - February 12, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

XSS

Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0789 9.8 - Critical - February 12, 2023

Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Command Injection

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0788 9.8 - Critical - February 12, 2023

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Code Injection

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0787 5.4 - Medium - February 12, 2023

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

XSS

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0793 8.8 - High - February 12, 2023

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Weak Password Requirements

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0792 5.4 - Medium - February 12, 2023

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Code Injection

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0790 8.8 - High - February 12, 2023

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Uncaught Exception

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2023-0786 4.8 - Medium - February 12, 2023

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0309 5.4 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0311 9.8 - Critical - January 15, 2023

Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

authentification

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0310 5.4 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0308 5.4 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0307 9.8 - Critical - January 15, 2023

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

Weak Password Requirements

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0306 5.4 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0314 6.1 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0313 5.4 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2023-0312 6.1 - Medium - January 15, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

XSS

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

CVE-2022-4409 7.5 - High - December 11, 2022

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

Missing Encryption of Sensitive Data

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

CVE-2022-4408 5.4 - Medium - December 11, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

CVE-2022-4407 6.1 - Medium - December 11, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVE-2022-3765 5.4 - Medium - October 31, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVE-2022-3766 6.1 - Medium - October 31, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

XSS

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVE-2022-3754 9.8 - Critical - October 29, 2022

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

Weak Password Requirements

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.

CVE-2022-3608 8.4 - High - October 19, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.

XSS

phpMyFAQ before 2.9.11

CVE-2018-16650 8.8 - High - September 07, 2018

phpMyFAQ before 2.9.11 allows CSRF.

Session Riding

The admin backend in phpMyFAQ before 2.9.11

CVE-2018-16651 7.2 - High - September 07, 2018

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

CSV Injection

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization

CVE-2004-2257 - December 31, 2004

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

forced browsing

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Phpmyfaq or by Phpmyfaq? Click the Watch button to subscribe.

Phpmyfaq
Vendor

Phpmyfaq
Product

subscribe