Cross-Site Request Forgery (CSRF)

2018-09-1008:51:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

31.7%

JSON

phpMyFAQ is vulnerable to cross-site request forgery. An attacker is able activate any user on behalf of the administrator by tricking the victim into visiting a malicious site.

CPENameOperatorVersion
phpmyfaq/phpmyfaqle2.9.10
thorsten/phpmyfaqle2.9.10

CPE	Name	Operator	Version
	phpmyfaq/phpmyfaq	le	2.9.10
	thorsten/phpmyfaq	le	2.9.10

References

github.com/thorsten/phpMyFAQ/commit/9ec84ff1515e455c290b5c90cf9501c82d80a357

www.phpmyfaq.de/security/advisory-2018-09-02

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for VERACODE:7450