Homepage

thorsten/phpmyfaq vulnerabilities

  • licenses detected

    • Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the thorsten/phpmyfaq package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Incorrect User Management

    >=4.0.7, <4.0.13
    • M
    User Interface (UI) Misrepresentation of Critical Information

    <3.2.10
    • C
    Credential Exposure

    <4.0.0
    • H
    SQL Injection

    >=3.2.5, <3.2.6
    • M
    Cross-site Scripting (XSS)

    >=3.2.5, <3.2.6
    • M
    Cross-site Scripting (XSS)

    >=3.2.5, <3.2.6
    • H
    Arbitrary File Upload

    >=3.2.5, <3.2.6
    • H
    SQL Injection

    >=3.2.5, <3.2.6
    • M
    Cross-site Scripting (XSS)

    >=3.2.5, <3.2.6
    • L
    Directory Traversal

    >=3.2.5, <3.2.6
    • M
    Cross-site Scripting (XSS)

    >=3.2.5, <3.2.6
    • M
    Improper Access Control

    <3.2.5
    • M
    Cross-site Scripting (XSS)

    <3.2.5
    • M
    Improper Access Control

    <3.2.5
    • M
    Cross-site Scripting (XSS)

    <3.1.17
    • M
    Cross-site Scripting (XSS)

    <3.1.17
    • M
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    <3.2.2
    • M
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    <3.2.1
    • M
    Cross-site Scripting (XSS)

    <3.2.2
    • M
    Sensitive Cookie Without 'Secure' Attribute

    <3.2.1
    • H
    Insufficient Session Expiration

    <3.2.2
    • M
    Cross-site Scripting (XSS)

    <3.1.18
    • M
    Cross-site Scripting (XSS)

    <3.1.18
    • M
    Cross-site Scripting (XSS)

    <3.1.18
    • M
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    <3.1.18
    • M
    Unrestricted Upload of File with Dangerous Type

    <3.1.8
    • M
    Cross-site Scripting (XSS)

    <3.1.16
    • H
    Improper Input Validation

    <3.1.16
    • M
    Cross-site Scripting (XSS)

    <3.2.0-RC
    • M
    Cross-site Scripting (XSS)

    <3.1.14
    • M
    Cross-site Scripting (XSS)

    <3.1.14
    • M
    Cross-site Scripting (XSS)

    <3.2.0-beta
    • M
    Cross-site Scripting (XSS)

    <3.2.0-beta
    • M
    Cross-site Scripting (XSS)

    <3.1.13
    • M
    Cross-site Scripting (XSS)

    <3.1.13
    • M
    Cross-site Scripting (XSS)

    <3.1.13
    • M
    Access Restriction Bypass

    <3.1.13
    • M
    Cross-site Scripting (XSS)

    <3.1.12
    • H
    Cross-site Scripting (XSS)

    <3.1.12
    • M
    Cross-site Scripting (XSS)

    <3.1.12
    • H
    Cross-site Scripting (XSS)

    <3.1.12
    • M
    Access Control Bypass

    <3.1.12
    • H
    Cross-site Scripting (XSS)

    <3.1.12
    • M
    Cross-site Scripting (XSS)

    <3.1.12
    • H
    Cross-site Scripting (XSS)

    <3.1.12
    • M
    Cross-site Scripting (XSS)

    <3.1.12
    • M
    Cross-site Scripting (XSS)

    <3.1.12
    • H
    Replay Attack

    <3.1.12
    • H
    Cross-site Scripting (XSS)

    <3.1.12
    • H
    Business Logic Errors

    <3.1.12
    • H
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.12
    • M
    Weak Password Requirements

    >=0.0.0, <3.1.12
    • M
    Improper Input Validation

    >=0.0.0, <3.1.12
    • H
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.12
    • M
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.12
    • M
    Arbitrary Code Injection

    >=0.0.0, <3.1.12
    • H
    Improper Privilege Management

    <3.1.12
    • H
    Misinterpretation of Input

    <3.1.11
    • H
    Arbitrary Command Injection

    <3.1.11
    • H
    Arbitrary Code Injection

    >=0.0.0, <3.1.11
    • M
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.11
    • H
    Uncaught Exception

    >=0.0.0, <3.1.11
    • M
    Arbitrary Code Injection

    >=0.0.0, <3.1.11
    • H
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.11
    • H
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.11
    • H
    Weak Password Requirements

    >=0.0.0, <3.1.11
    • M
    Cross-site Scripting (XSS)

    >=0.0.0, <3.1.11
    • H
    Cross-site Scripting (XSS)

    <3.1.10
    • H
    Cross-site Scripting (XSS)

    <3.1.10
    • H
    Cross-site Scripting (XSS)

    <3.1.10
    • M
    Weak Password Requirements

    <3.1.10
    • M
    Cross-site Scripting (XSS)

    <3.1.10
    • M
    Cross-site Scripting (XSS)

    <3.1.10
    • M
    Cross-site Scripting (XSS)

    <3.1.10
    • M
    Improper Authentication

    <3.1.10
    • M
    Access Restriction Bypass

    <3.1.10
    • H
    Cross-site Scripting (XSS)

    <3.1.10
    • M
    Cross-site Scripting (XSS)

    <3.1.9
    • M
    Cross-site Scripting (XSS)

    <3.1.9
    • M
    Information Exposure

    <3.1.9
    • M
    Cross-site Scripting (XSS)

    <3.1.8
    • M
    Cross-site Scripting (XSS)

    <3.1.8
    • M
    Weak Password Requirements

    <3.1.8
    • M
    Cross-site Scripting (XSS)

    >=0.0.0, <3.2.0-alpha
    • H
    CSV Injection

    <2.9.11
    • H
    Cross-site Request Forgery (CSRF)

    <2.9.11
    • M
    Cross-site Scripting (XSS)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • M
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • H
    Cross-Site Request Forgery (CSRF)

    <2.9.9
    • M
    Cross-site Scripting (XSS)

    <2.9.9
    • M
    Cross-site Scripting (XSS)

    <2.9.9