thorsten/phpmyfaq Security Advisories for 3.2.x-dev (4)
- [HIGH] phpMyFAQ has unauthenticated config backup download via /api/setup/backup
PKSA-w8m6-73n2-zbk6 CVE-2025-69200 GHSA-9cg9-4h4f-j6fg
Affected version: >=4.1.0-alpha,<=4.1.0-beta.2|<4.0.16
Reported by: GitHub
- [HIGH] phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
PKSA-zh4p-vq78-zndy CVE-2025-62519 GHSA-fxm2-cmwj-qvx4
Affected version: <=4.0.13
Reported by: GitHub
- [MEDIUM] phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
PKSA-m8x7-3hjv-95dd CVE-2024-56199 GHSA-ww33-jppq-qfrp
Affected version: >=3.2.10,<=4.0.1
Reported by: GitHub
- [HIGH] phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
PKSA-zk9c-crx1-g563 CVE-2024-54141 GHSA-vrjr-p3xp-xx2x
Affected version: <4.0.0
Reported by: GitHub