thorsten/phpmyfaq
Packagist103 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting thorsten/phpmyfaqpage 3 of 3
- CVE-2026-48488LOWCVSS 2.7EG 2.7✓ Fixed in 4.1.42026-06-08
vulnerable: 2.10.0-alpha ... 4.1.3 (172 versions)
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4…
- CVE-2026-49205MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.1.42026-06-18
vulnerable: 2.10.0-alpha ... 4.1.3 (172 versions)
phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this->userHasPermission(PermissionType::BA…
- CVE-2026-56396HIGHCVSS 8.8EG 8.8✓ Fixed in 4.1.42026-06-21
vulnerable: 2.10.0-alpha ... 4.1.3 (172 versions)
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_s…
Check whether thorsten/phpmyfaq is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for thorsten/phpmyfaq CVEs against the assets you own.
Start Free Scan →