Advisories for Composer/Thorsten/Phpmyfaq package

2025

phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped before being rendered on the page.

2024
2023

phpMyFAQ Improper Access Control vulnerability

phpMyFAQ prior to version 3.1.13 does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the system, including email addresses belonging to other users such as the administrator. Once the attacker has control of the other user's email address, they can request to remove the user from the …

2022