CVE-2023-0791 in phpmyfaq
Summary
by MITRE • 02/12/2023
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/05/2025
The vulnerability identified as CVE-2023-0791 represents a stored cross-site scripting flaw within the thorsten/phpmyfaq GitHub repository, affecting versions prior to 3.1.11. This issue resides in the web application's handling of user input data, specifically within the content management and user interaction components of the phpMyFAQ platform. The vulnerability stems from insufficient sanitization and validation of user-supplied data before it is stored in the database and subsequently rendered back to other users within the application interface.
The technical implementation of this stored XSS vulnerability occurs when malicious users submit crafted script payloads through input fields that are not properly escaped or validated. These payloads are then stored in the database and executed whenever other users view the affected content, creating a persistent threat vector. The flaw typically manifests in areas where user-generated content such as comments, forum posts, or configuration data is processed and displayed without adequate output encoding. This type of vulnerability allows attackers to inject malicious scripts that can steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users.
From an operational impact perspective, this vulnerability presents a significant risk to the confidentiality and integrity of the phpMyFAQ application and its user data. Attackers can exploit this flaw to establish persistent backdoors within the application, potentially compromising the entire knowledge management system. The stored nature of the vulnerability means that the malicious payload remains active until manually removed from the database, making it particularly dangerous for long-term exploitation. Organizations relying on phpMyFAQ for internal documentation, support knowledge bases, or public-facing help systems face elevated risk of unauthorized access and data exfiltration.
The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in software applications, and demonstrates characteristics consistent with the ATT&CK technique T1566.001 for initial access through malicious web content. Organizations should immediately implement mitigations including upgrading to phpMyFAQ version 3.1.11 or later, which contains the necessary patches to sanitize user input properly. Additional protective measures include implementing Content Security Policy headers, conducting regular input validation checks, and employing web application firewalls to monitor for suspicious script patterns. Security teams should also perform thorough database audits to identify any existing malicious payloads and establish monitoring procedures for detecting similar vulnerabilities in other components of their web infrastructure.