Tag

PhpMyFAQ

4 briefs RSS

phpMyFAQ SQL Injection via Unescaped OAuth Token

phpMyFAQ is vulnerable to SQL injection due to the `setTokenData` function failing to sanitize OAuth token fields from Azure AD JWT claims, potentially allowing attackers to execute arbitrary SQL commands via crafted Azure AD display names or custom claims.

phpMyFAQ <= 4.1.1 +1 sql-injection oauth phpmyfaq

2r 1t 1h ago

medium advisory

phpMyFAQ Unauthenticated FAQ Permission Bypass via Solution ID Enumeration

2 rules 1 TTP

phpMyFAQ version 4.1.1 and earlier is vulnerable to an unauthenticated FAQ permission bypass, allowing attackers to enumerate solution IDs and discover restricted FAQ titles due to missing permission filters in key functions.

phpmyfaq unauthenticated access information disclosure web server

2r 1t Jan 3, 2024

critical advisory

phpMyFAQ Unauthenticated 2FA Brute-Force Vulnerability

2 rules 1 TTP 1 IOC

phpMyFAQ is vulnerable to an unauthenticated 2FA brute-force attack via the `/admin/check` endpoint, allowing attackers to bypass two-factor authentication and gain administrative access.

phpMyFAQ 2FA Bypass Brute-Force Authentication

2r 1t 1i Jan 3, 2024

high advisory

phpMyFAQ Stored XSS Vulnerability in Comment Rendering

2 rules 2 TTPs 1 IOC

A stored XSS vulnerability in phpMyFAQ version 4.1.1 allows an authenticated user to inject JavaScript code into comments, leading to session cookie theft and potential admin account takeover when other users view the affected FAQ or News page.

phpMyFAQ 4.1.1 xss phpmyfaq stored-xss

2r 2t 1i Jan 2, 2024