Vulnerabilities > Phpmyfaq > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2014-6046 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2018-08-28 CVE-2014-6045 SQL Injection vulnerability in PHPmyfaq
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
network
low complexity
phpmyfaq CWE-89
7.2
7.2
2017-10-23 CVE-2017-15808 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15735 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15734 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15733 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15732 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15731 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15730 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
network
low complexity
phpmyfaq CWE-352
8.8
8.8
2017-10-22 CVE-2017-15729 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
network
low complexity
phpmyfaq CWE-352
8.8
8.8