CVE-2026-34974 PHP — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	5.4 (MEDIUM)
Fixed In	4.1.1
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	PHP
Public PoC	No

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from editor to full admin takeover.

This issue has been patched in version 4.1.1.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 2

https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1

security-advisories@github.com

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33691

Coreruleset

6.8

CVE-2026-26895

PHP

None

CVE-2026-5344

PHP

5.3

CVE-2026-34973

PHP

6.9

CVE-2026-32629

PHP

5.4

Menu

CVE-2026-34974

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-33691

CVE-2026-26895

CVE-2026-5344

CVE-2026-34973

CVE-2026-32629

CVE Details

Editor's Choice

Menu

CVE-2026-34974

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-33691

CVE-2026-26895

CVE-2026-5344

CVE-2026-34973

CVE-2026-32629

CVE Details

Editor's Choice

Stay informed on cybersecurity