vulnerability
FreeBSD: VID-cbfc1591-c8c0-11ee-b45a-589cfc0f81b0: phpmyfaq -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Feb 11, 2024 | Feb 14, 2024 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Feb 11, 2024
Added
Feb 14, 2024
Modified
Dec 10, 2025
Description
phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account.
Solutions
freebsd-upgrade-package-phpmyfaq-php81freebsd-upgrade-package-phpmyfaq-php82freebsd-upgrade-package-phpmyfaq-php83
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.