List of Security Advisories

We take any security issues found in phpMyFAQ or bundled components seriously. Below are all published security advisories, grouped by year and ordered from newest to oldest.

2026

5 advisories
May 14, 2026High

Security Advisory 2026-05-14

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 4.1.2
Apr 28, 2026Critical

Security Advisory 2026-04-28

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 4.1.1
Mar 31, 2026High

Security Advisory 2026-03-31

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 4.1.0
Feb 27, 2026High

Security Advisory 2026-02-27

Unauthenticated account creation via WebAuthn prepare endpoint vulnerability in phpMyFAQ

phpMyFAQ <= 4.0.17
Jan 23, 2026Moderate

Security Advisory 2026-01-23

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 4.0.16

2025

4 advisories
Dec 29, 2025High

Security Advisory 2025-12-29

Stored cross-site scripting (XSS) and unauthenticated config backup download vulnerability in phpMyFAQ

phpMyFAQ <= 4.0.15
Nov 15, 2025High

Security Advisory 2025-11-15

Authenticated SQL Injection in Configuration Update Functionality in phpMyFAQ

phpMyFAQ <= 4.0.13
Oct 03, 2025High

Security Advisory 2025-10-03

Duplicate email registration allows multiple accounts with the same email in phpMyFAQ

phpMyFAQ <= 4.0.12
Jan 02, 2025Medium

Security Advisory 2025-01-02

Stored HTML Injection vulnerability in phpMyFAQ

phpMyFAQ <= 4.0.0-RC.5

2024

5 advisories
Dec 06, 2024High

Security Advisory 2024-12-13

User Interface (UI) Misrepresentation of Critical Information vulnerability in phpMyFAQ

phpMyFAQ <= 4.0.0-RC.5
Dec 06, 2024High

Security Advisory 2024-12-06

Information disclosure vulnerability in phpMyFAQ

phpMyFAQ <= 4.0.0-RC.5
Jul 21, 2024High

Security Advisory 2024-07-21

Authentication Bypass in phpMyFAQ

phpMyFAQ <= 4.0.0-alpha.2
Mar 25, 2024Medium

Security Advisory 2024-03-25

XSS, SQL injections and bypass vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.2.5
Feb 05, 2024Medium

Security Advisory 2024-02-05

XSS, phishing and spoofing vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.2.4

2023

9 advisories
Oct 27, 2023Medium

Security Advisory 2023-10-27

XSS vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.2.1
Sep 21, 2023Medium

Security Advisory 2023-09-21

XSS vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.17
Aug 27, 2023Medium

Security Advisory 2023-08-27

XSS vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.16
Jul 16, 2023Medium

Security Advisory 2023-07-16

XSS and CSV injection vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.15
Apr 23, 2023Medium

Security Advisory 2023-05-17

XSS vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.13
Apr 23, 2023Medium

Security Advisory 2023-04-23

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.12
Feb 20, 2023Medium

Security Advisory 2023-03-20

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.11
Feb 12, 2023High

Security Advisory 2023-02-12

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.10
Jan 15, 2023High

Security Advisory 2023-01-15

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.9

2022

5 advisories
Dec 11, 2022High

Security Advisory 2022-12-11

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.8
Oct 24, 2022Medium

Security Advisory 2022-10-24

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.7
Oct 02, 2022Medium

Security Advisory 2022-10-02

Multiple CSRF and XSS vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.1.6
Jul 23, 2022Medium

Security Advisory 2022-07-23

Stored XSS vulnerability in phpMyFAQ

phpMyFAQ <= 3.1.5
Jan 17, 2022Medium

Security Advisory 2022-01-17

Multiple CSRF and XSS vulnerabilities in phpMyFAQ

phpMyFAQ <= 3.0.9

2021

1 advisory
Oct 22, 2021Medium

Security Advisory 2021-10-22

Missing DMARC record

phpmyfaq.de website

2020

1 advisory
Dec 23, 2020Medium

Security Advisory 2020-12-23

XSS in phpMyFAQ

phpMyFAQ <= 3.0.6

2018

1 advisory
Sep 02, 2018Medium

Security Advisory 2018-09-02

Multiple vulnerabilities in phpMyFAQ

phpMyFAQ <= 2.9.10

2017

4 advisories
Oct 19, 2017Medium

Security Advisory 2017-10-19

XSS, CSRF and SQL injection in phpMyFAQ

phpMyFAQ <= 2.9.8
Jul 12, 2017Medium

Security Advisory 2017-07-12

Improper Restriction in phpMyFAQ

phpMyFAQ <= 2.9.7
Apr 02, 2017High

Security Advisory 2017-04-02

Stored XSS in phpMyFAQ

phpMyFAQ <= 2.9.6
Jan 27, 2017critical

Security Advisory 2017-01-27

Execution of arbitrary PHP code in phpMyFAQ version 2.9

phpMyFAQ version <= 2.9.5

2016

2 advisories
May 31, 2016High

Security Advisory 2016-05-31

Stored XSS in phpMyFAQ

phpMyFAQ <= 2.8.28 and phpMyFAQ <= 2.9.0
Apr 11, 2016High

Security Advisory 2016-04-11

RCE via CSRF in phpMyFAQ

phpMyFAQ <= 2.8.26 and phpMyFAQ <= 2.9.0-RC2

2014

3 advisories
Nov 30, 2014High

Security Advisory 2014-11-30

Clickjacking vulnerability in phpMyFAQ 2.8

phpMyFAQ <= 2.8.17
Sep 16, 2014High

Security Advisory 2014-09-16

Multiple security vulnerabilities in phpMyFAQ 2.8

phpMyFAQ <= 2.8.12
Feb 04, 2014High

Security Advisory 2014-02-04

phpMyFAQ vulnerable to XSS and CSRF

phpMyFAQ <= 2.8.5

2013

2 advisories
Nov 26, 2013Medium

Security Advisory 2013-11-18

Possible arbitrary PHP code execution vulnerability

phpMyFAQ <= 2.8.3
Nov 18, 2013Medium

Security Advisory 2013-11-18

Permission vulnerability in phpMyFAQ 2.8.2

phpMyFAQ <= 2.8.2

2012

1 advisory
Apr 14, 2012Critical

Security Advisory 2012-04-14

Remote PHP Code Execution Vulnerability in phpMyFAQ 2.7.4 and earlier

phpMyFAQ <= 2.7.4

2011

2 advisories
Nov 25, 2011Critical

Security Advisory 2011-10-25

Remote PHP Code Injection Vulnerability in phpMyFAQ 2.6.18 and 2.7.0

phpMyFAQ <= 2.6.18 and phpMyFAQ <= 2.7.0
Sep 28, 2011Medium

Security Advisory 2011-09-28

Information disclosure vulnerability

phpMyFAQ <= 2.6.17

2010

2 advisories
Dec 15, 2010Critical

Security Advisory 2010-12-15

phpmyfaq.de compromised

phpMyFAQ > 2.6.10
Sep 28, 2010High

Security Advisory 2010-09-28

phpMyFAQ 2.6.x XSS vulnerabilities

phpMyFAQ <= 2.6.8

2009

3 advisories
Dec 01, 2009High

Security Advisory 2009-12-01

phpMyFAQ 2.5.x XSS vulnerabilities

phpMyFAQ <= 2.5.4
Sep 01, 2009High

Security Advisory 2009-09-01

phpMyFAQ 2.0.x XSS vulnerability

phpMyFAQ <= 2.5.1
Jun 02, 2009High

Security Advisory 2009-06-02

phpMyFAQ 2.0.x XSS vulnerability

phpMyFAQ <= 2.0.14

2008

1 advisory
Sep 11, 2008High

Security Advisory 2008-09-11

phpMyFAQ 2.x input sanitization errors (XSS)

phpMyFAQ <= 2.0.8

2007

1 advisory
Feb 18, 2007High

Security Advisory 2007-02-18

Remote code execution vulnerability in phpMyFAQ 1.6.x

phpMyFAQ <= 1.6.9

2006

2 advisories
Dec 15, 2006High

Security Advisory 2006-12-15

SQL injection and remote code execution vulnerabilities in phpMyFAQ 1.6.x

phpMyFAQ <= 1.6.7
Apr 21, 2006Medium

Security Advisory 2006-04-21

Memory leak vulnerability in phpMyFAQ 1.5.x / 1.6.x

phpMyFAQ <= 1.5.8 and phpMyFAQ <= 1.6.0 RC2

2005

5 advisories
Nov 18, 2005High

Security Advisory 2005-11-18

Multiple Cross Site Scripting vulnerabilities in phpMyFAQ 1.5.x

phpMyFAQ <= 1.5.3
Sep 23, 2005critical

Security Advisory 2005-09-23

SQL injection, takeover, path disclosure, remote code execution in phpMyFAQ 1.5.x

phpMyFAQ <= 1.5.2
Aug 15, 2005high

Security Advisory 2005-08-15

Remote PHP Code Injection Vulnerability in phpMyFAQ 1.4.x and 1.5.x

phpMyFAQ <= 1.4.10 and phpMyFAQ <= 1.5.0 RC6
Jun 29, 2005high

Security Advisory 2005-03-06

Execution of arbitrary PHP code in phpMyFAQ version 1.4 and 1.5

phpMyFAQ version 1.4 and 1.5
Mar 06, 2005medium

Security Advisory 2005-03-06

SQL injection vulnerability in phpMyFAQ version 1.4 and 1.5

phpMyFAQ version 1.4 and 1.5

2004

2 advisories
Jul 27, 2004medium

Security Advisory 2004-07-27

Vulnerability in phpMyFAQ version 1.4.0

phpMyFAQ version 1.4.0
May 18, 2004Advisory

Security Advisory 2004-05-18

Vulnerabilities in phpMyFAQ versions 1.2.x, 1.3.x and 1.4.0

Getting started

Resources

Misc