phpmyfaq/phpmyfaq Security Advisories for 2.8.0-beta3 (23)
-
[CRITICAL] phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
PKSA-6nrc-qfr1-rds3 GHSA-289f-fq7w-6q2w
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
PKSA-tvkw-wcnm-h63h GHSA-gh9p-q46p-57g2
Affected version: <=4.1.1
Reported by:
GitHub
-
[HIGH] phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
PKSA-76kk-7mdh-r8h5 GHSA-99qv-g4x9-mgc3
Affected version: <=4.1.1
Reported by:
GitHub
-
[HIGH] phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
PKSA-r4gq-dd3d-gxrj GHSA-pm8c-3qq3-72w7
Affected version: <=4.1.1
Reported by:
GitHub
-
[CRITICAL] phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
PKSA-6pt5-mfr3-5b72 GHSA-9pq7-mfwh-xx2j
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering
PKSA-7dk8-b5d5-n9bf GHSA-pqh6-8fxf-jx22
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User
PKSA-n88j-cgtd-2fvg GHSA-rm98-82fr-mcfx
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
PKSA-jn65-sph2-9wn9 GHSA-whqh-9pq5-c7r3
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
PKSA-6zc3-3brt-ftsh GHSA-f5p7-2c9q-8896
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
PKSA-117q-9kx2-kjzm GHSA-7cx3-2qx2-3g6w
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check
PKSA-8syh-w2cp-tqks GHSA-hpgw-ww76-c68r
Affected version: <=4.1.1
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
PKSA-yq8b-v8fg-rvf8 CVE-2026-34729 GHSA-cv2g-8cj8-vgc7
Affected version: <=4.1.0
Reported by:
GitHub
-
[HIGH] phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController
PKSA-n57d-sn2t-c46g CVE-2026-34728 GHSA-38m8-xrfj-v38x
Affected version: <=4.1.0
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
PKSA-25jh-4r4k-gpj5 CVE-2026-32629 GHSA-98gw-w575-h2ph
Affected version: <=4.1.0
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ: Public API endpoints expose emails and invisible questions
PKSA-g4rh-637x-8kby CVE-2026-24422 GHSA-j4rc-96xj-gvqc
Affected version: <=4.0.16
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
PKSA-kw83-ss3b-tqsv CVE-2026-24421 GHSA-wm8h-26fv-mg7g
Affected version: <=4.0.16
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
PKSA-bn6v-4n7v-4dtq CVE-2026-24420 GHSA-7p9h-m7m8-vhhv
Affected version: <=4.0.16
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ contains a CSV injection vulnerability
PKSA-1cq7-dh6p-78w8 CVE-2023-53929 GHSA-x2v3-9p22-w3x6
Affected version: <=3.1.12
Reported by:
GitHub
-
[HIGH] phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
PKSA-mvvf-b3jn-bt43 CVE-2025-62519 GHSA-fxm2-cmwj-qvx4
Affected version: <=4.0.13
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ vulnerable to stored XSS on attachments filename
PKSA-hdfq-3r6d-xzjt CVE-2024-24574 GHSA-7m8g-fprr-47fx
Affected version: <3.2.5
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
PKSA-qfjp-pm9r-s97r CVE-2024-22208 GHSA-9hhf-xmcw-r3xg
Affected version: <3.2.5
Reported by:
GitHub
-
[MEDIUM] phpMyFAQ User Removal Page Allows Spoofing Of User Details
PKSA-q87w-7ynx-prc4 CVE-2024-22202 GHSA-6648-6g96-mg35
Affected version: <3.2.5
Reported by:
GitHub
-
[HIGH] phpMyFAQ vulnerable to Cross-site Scripting
PKSA-k57y-tc6t-fmbw CVE-2022-3608 GHSA-6rj8-9cm9-6gff
Affected version: <=3.1.7
Reported by:
GitHub