Known Vulnerabilities for Phpmyfaq by Thorsten
Listed below are 10 of the newest known vulnerabilities associated with "Phpmyfaq" by "Thorsten".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-57996 json | phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin a... | Not Provided | 2026-07-15 | 2026-07-16 |
| CVE-2026-57995 json | phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_E... | Not Provided | 2026-06-30 | 2026-07-01 |
| CVE-2026-57994 json | phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, all... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-57961 json | phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function with... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-56396 json | phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allo... | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-49205 json | phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryContro... | Not Provided | 2026-06-18 | 2026-06-22 |
| CVE-2026-48488 json | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a crypto... | Not Provided | 2026-06-08 | 2026-06-09 |
| CVE-2026-46367 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated use... | Not Provided | 2026-05-15 | 2026-05-28 |
| CVE-2026-46366 json | phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permiss... | Not Provided | 2026-05-15 | 2026-05-28 |
| CVE-2026-46365 json | phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint t... | Not Provided | 2026-05-15 | 2026-05-28 |