GHSA-6gf2-ffq8-gcww: GHSL-2024-288: SickChill open redirect in login

GHSA-j3f9-p6hm-5w6q: Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

GHSA-cjgq-5qmw-rcj6: keras Path Traversal vulnerability

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks

GHSA-mjf9-4pcv-vfg7: Apache OpenMeetings vulnerable to Deserialization of Untrusted Data 

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12.

**thorsten/phpmyfaq vulnerable to improper access control**

Moderate severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 6, 2023

Headline

GHSA-2wjp-w7g7-h63q: thorsten/phpmyfaq vulnerable to improper access control

Related news

ghsa: Latest News