Vulnerabilities > Phpmyfaq > Phpmyfaq > 1.4.alpha1

DATE CVE VULNERABILITY TITLE RISK
2009-11-20 CVE-2009-4040 Cross-Site Scripting vulnerability in PHPmyfaq
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
network
phpmyfaq CWE-79
4.3
4.3
2005-03-07 CVE-2005-0702 SQL-Injection vulnerability in phpMyFAQ
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
network
low complexity
phpmyfaq
5.0
5.0
2004-12-31 CVE-2004-2256 Directory Traversal vulnerability in phpMyFAQ Lang Parameter
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via ..
network
low complexity
phpmyfaq
5.0
5.0