phpmyfaq/phpmyfaq is vulnerable to cross-site request forgery (CSRF) attacks. The library does not have CSRF protection for the phpmyfaq/admin/ajax.attachment.php
and phpmyfaq/admin/att.main.php
files, allowing a malicious user to send a request to the application to delete attachments.
CPE | Name | Operator | Version |
---|---|---|---|
phpmyfaq/phpmyfaq | le | 2.9.8 | |
thorsten/phpmyfaq | le | 2.9.8 |