Description
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Yam Mesicka · textwebappsphp
https://www.exploit-db.com/exploits/34785
References (8)
Core 8
Core References
Exploit x_refsource_misc
http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62092
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41625
Vendor Advisory x_refsource_confirm
http://www.phpmyfaq.de/advisory_2010-09-28.php
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/08/2
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2010/Sep/207
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/08/7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68268
Scores
EPSS
0.0286
EPSS Percentile
86.4%
Details
CWE
CWE-79
Status
published
Products (47)
phpmyfaq/phpmyfaq
1.0
phpmyfaq/phpmyfaq
1.0.1
phpmyfaq/phpmyfaq
1.0.1a
phpmyfaq/phpmyfaq
1.1.0
phpmyfaq/phpmyfaq
1.1.1
phpmyfaq/phpmyfaq
1.1.2
phpmyfaq/phpmyfaq
1.1.3
phpmyfaq/phpmyfaq
1.1.4
phpmyfaq/phpmyfaq
1.1.4a
phpmyfaq/phpmyfaq
1.1.5
... and 37 more
Published
Oct 22, 2012
Tracked Since
Feb 18, 2026