phpMyFAQ — Vulnerabilities & Security Advisories 48

All 48 CVE vulnerabilities found in phpMyFAQ, with AI-generated Chinese analysis, references, and POCs.

This page documents known software vulnerabilities for phpMyFAQ, an open-source Frequently Asked Questions system, categorized by common weakness types. It aggregates data regarding cross-site scripting, SQL injection, and other security flaws affecting this specific application platform. The collection spans records from the initial public disclosure of vulnerabilities through to recently patched issues, ensuring a comprehensive historical view of the product's security posture over time. Here, users can track vendor advisories and official patches issued for phpMyFAQ to stay informed about active threats. You can also understand the technical details and impact of specific weakness classes that commonly affect content management systems like this one. Additionally, the page allows you to look up the product's vulnerability history to assess its risk profile and compliance status for internal audits. By centralizing these disparate security reports, the resource helps administrators, developers, and security analysts quickly identify whether their installations are exposed to known exploits. It serves as a reference point for understanding how long vulnerabilities have persisted and what mitigation strategies have been applied. This structured approach simplifies the process of managing software risk by providing clear, organized access to critical security information without the need to search multiple disparate sources.

Vendor: thorsten

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-68951 | phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig \|raw | CWE-79 | 5.4 | Medium | 2025-12-29 |
| CVE-2023-53929 | phpMyFAQ 3.1.12 CSV Injection via User Profile Export | CWE-1236 | 8.8 | High | 2025-12-17 |
| CVE-2025-62519 | phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality | CWE-89 | 7.2 | High | 2025-11-17 |
| CVE-2025-59943 | phpMyFAQ duplicate email registration allows multiple accounts with the same email | CWE-286 | 8.1 | High | 2025-10-03 |
| CVE-2024-56199 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ | CWE-79 | 5.2 | Medium | 2025-01-02 |
| CVE-2024-55889 | phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames | CWE-451 | 4.9 | Medium | 2024-12-13 |
| CVE-2024-54141 | phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available | CWE-209 | 8.6 | High | 2024-12-06 |
| CVE-2024-29196 | phpMyFAQ Path Traversal in Attachments | CWE-22 | 3.8 | Low | 2024-03-26 |
| CVE-2024-29179 | phpMyFAQ Stored Cross-site Scripting at File Attachments | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-03-25 |
| CVE-2024-28108 | phpMyFAQ Stored HTML Injection at contentLink | CWE-79 | 4.7 | Medium | 2024-03-25 |
| CVE-2024-28107 | phpMyFAQ SQL injections at insertentry & saveentry | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-28106 | phpMyFAQ Stored XSS at FAQ News Content | CWE-79 | 4.3 | Medium | 2024-03-25 |
| CVE-2024-28105 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE | CWE-434 | 7.2 | High | 2024-03-25 |
| CVE-2024-27300 | phpMyFAQ Stored XSS at user email | CWE-79 | 5.5 | Medium | 2024-03-25 |
| CVE-2024-27299 | phpMyFAQ SQL Injection at "Save News" | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-24574 | phpMyFAQ vulnerable to stored XSS on attachments filename | CWE-79 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22208 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes | CWE-863 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22202 | User Removal Page Allows Spoofing Of User Details | CWE-284 | 5.7 | Medium | 2024-02-05 |

All 48 known CVE vulnerabilities affecting phpMyFAQ with full Chinese analysis, references, and POCs where available.