Cross-site Request Forgery (CSRF)

2017-10-2305:12:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

56.9%

JSON

phpmyfaq is vulnerable to cross-site request forgery (CSRF) attacks. The application does not implement any CSRF protections in the phpmyfaq/admin/stat.ratings.php file, allowing a malicious user to send an unauthorized request to modify the information presented.

CPENameOperatorVersion
phpmyfaq/phpmyfaqle2.9.8
thorsten/phpmyfaqle2.9.8

CPE	Name	Operator	Version
	phpmyfaq/phpmyfaq	le	2.9.8
	thorsten/phpmyfaq	le	2.9.8

References

github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for VERACODE:5305