Vendor

PhpMyFAQ

5 briefs RSS

phpMyFAQ SQL Injection via Unescaped OAuth Token

phpMyFAQ is vulnerable to SQL injection due to the `setTokenData` function failing to sanitize OAuth token fields from Azure AD JWT claims, potentially allowing attackers to execute arbitrary SQL commands via crafted Azure AD display names or custom claims.

phpMyFAQ <= 4.1.1 +1 sql-injection oauth phpmyfaq

2r 1t 1h ago

critical advisory

phpMyFAQ Unauthenticated SQL Injection via User-Agent Header

2 rules 1 TTP

Unauthenticated SQL injection vulnerability exists in phpMyFAQ <= 4.1.1 due to improper handling of the User-Agent header in BuiltinCaptcha, allowing attackers to inject malicious SQL payloads and potentially gain complete control of the datastore.

phpMyFAQ sql-injection unauthenticated web-application

2r 1t Jan 9, 2024

medium advisory

phpMyFAQ Unauthenticated FAQ Permission Bypass via Solution ID Enumeration

2 rules 1 TTP

phpMyFAQ version 4.1.1 and earlier is vulnerable to an unauthenticated FAQ permission bypass, allowing attackers to enumerate solution IDs and discover restricted FAQ titles due to missing permission filters in key functions.

phpmyfaq unauthenticated access information disclosure web server

2r 1t Jan 3, 2024

critical advisory

phpMyFAQ Unauthenticated 2FA Brute-Force Vulnerability

2 rules 1 TTP 1 IOC

phpMyFAQ is vulnerable to an unauthenticated 2FA brute-force attack via the `/admin/check` endpoint, allowing attackers to bypass two-factor authentication and gain administrative access.

phpMyFAQ 2FA Bypass Brute-Force Authentication

2r 1t 1i Jan 3, 2024

high advisory

phpMyFAQ Stored XSS Vulnerability in Comment Rendering

2 rules 2 TTPs 1 IOC

A stored XSS vulnerability in phpMyFAQ version 4.1.1 allows an authenticated user to inject JavaScript code into comments, leading to session cookie theft and potential admin account takeover when other users view the affected FAQ or News page.

phpMyFAQ 4.1.1 xss phpmyfaq stored-xss

2r 2t 1i Jan 2, 2024