Thorsten Rinne

88 exploits Active since Apr 2017
CVE-2026-27836 WRITEUP HIGH
phpMyFAQ <4.0.18 - Auth Bypass
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.
CVSS 7.5
CVE-2017-15728 WRITEUP MEDIUM
phpMyFAQ < 2.9.8 - XSS
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
CVSS 4.8
CVE-2017-15729 WRITEUP HIGH
phpMyFAQ < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVSS 8.8
CVE-2017-15731 WRITEUP HIGH
phpMyFAQ < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVSS 8.8
CVE-2017-15732 WRITEUP HIGH
phpMyFAQ < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVSS 8.8
CVE-2017-15733 WRITEUP HIGH
phpMyFAQ < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
CVSS 8.8
CVE-2017-15809 WRITEUP MEDIUM
phpMyFAQ < 2.9.8 - XSS
In phpMyFAQ before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
CVSS 6.1
CVE-2017-7579 WRITEUP MEDIUM
phpMyFAQ <2.9.7 - XSS
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
CVSS 6.1
CVE-2022-3608 WRITEUP HIGH
phpMyFAQ < 3.1.7 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
CVSS 8.4
CVE-2022-3754 WRITEUP CRITICAL
thorsten/phpmyfaq <3.1.8 - Info Disclosure
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS 9.8
CVE-2022-3765 WRITEUP MEDIUM
phpMyFAQ < 3.1.8 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS 5.4
CVE-2022-4408 WRITEUP MEDIUM
phpMyFAQ < 3.1.9 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVSS 5.4
CVE-2022-4409 WRITEUP HIGH
thorsten/phpmyfaq <3.1.9 - Info Disclosure
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVSS 7.5
CVE-2023-0306 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 5.4
CVE-2023-0307 WRITEUP CRITICAL
thorsten/phpmyfaq <3.1.10 - Info Disclosure
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 9.8
CVE-2023-0308 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 5.4
CVE-2023-0309 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 5.4
CVE-2023-0310 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 5.4
CVE-2023-0311 WRITEUP CRITICAL
thorsten/phpmyfaq <3.1.10 - Auth Bypass
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 9.8
CVE-2023-0312 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 6.1
CVE-2023-0313 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 5.4
CVE-2023-0314 WRITEUP MEDIUM
thorsten/phpmyfaq <3.1.10 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 6.1
CVE-2023-0786 WRITEUP HIGH
phpMyFAQ < 3.1.11 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVSS 8.4
CVE-2023-0787 WRITEUP HIGH
phpMyFAQ < 3.1.11 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVSS 8.1
CVE-2023-0788 WRITEUP HIGH
phpMyFAQ < 3.1.11 - Code Injection
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVSS 8.1