thorsten/phpmyfaq Security Advisories for 4.0.14 (9)
-
[MEDIUM] phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
PKSA-yy2b-x6vy-wsx2 CVE-2026-34974 GHSA-5crx-pfhq-4hgg
Affected version: <=4.1.0
Reported by:
GitHub -
[MEDIUM] phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
PKSA-fk9h-qz7y-fk1q CVE-2026-34973 GHSA-gcp9-5jc8-976x
Affected version: <4.1.1
Reported by:
GitHub -
[MEDIUM] phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
PKSA-t2yv-wns1-2p5c CVE-2026-32629 GHSA-98gw-w575-h2ph
Affected version: <=4.1.0
Reported by:
GitHub -
[HIGH] phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
PKSA-y9f6-42c9-xggs CVE-2026-27836 GHSA-w22q-m2fm-x9f4
Affected version: <4.0.18
Reported by:
GitHub -
[MEDIUM] phpMyFAQ: Public API endpoints expose emails and invisible questions
PKSA-2sk9-r8yw-1gc5 CVE-2026-24422 GHSA-j4rc-96xj-gvqc
Affected version: <=4.0.16
Reported by:
GitHub -
[MEDIUM] phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
PKSA-fgvt-rx8y-b52y CVE-2026-24421 GHSA-wm8h-26fv-mg7g
Affected version: <=4.0.16
Reported by:
GitHub -
[MEDIUM] phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
PKSA-mvwk-xn5v-s54b CVE-2026-24420 GHSA-7p9h-m7m8-vhhv
Affected version: <=4.0.16
Reported by:
GitHub -
[HIGH] phpMyFAQ has unauthenticated config backup download via /api/setup/backup
PKSA-w8m6-73n2-zbk6 CVE-2025-69200 GHSA-9cg9-4h4f-j6fg
Affected version: >=4.1.0-alpha,<=4.1.0-beta.2|<4.0.16
Reported by:
GitHub -
[MEDIUM] phpMyFAQ has Stored XSS in user list via admin-managed display_name
PKSA-hj4y-1t5r-b8zy CVE-2025-68951 GHSA-jv8r-hv7q-p6vc
Affected version: >=4.0.14,<4.0.16
Reported by:
GitHub