Cross-Site Request Forgery Vulnerabilities in phpMyFAQ by phpMyFAQ
CVE-2014-6046

8.8HIGH

Key Information:

Vendor: pHPMyFAQ
Status: pHPMyFAQ
Vendor: CVE Published:; 28 August 2018

What is CVE-2014-6046?

The phpMyFAQ application is susceptible to several cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to bypass authentication controls for various critical operations. These include the ability to delete active users through improper CSRF token validation, manage open questions, activate or publish FAQs, and manipulate glossary terms, news, and comments. Attackers can exploit the lack of adequate CSRF protection to execute unauthorized actions on behalf of legitimate users, jeopardizing user data integrity and application security.

References

http://techdefencelabs.com/security-advisories.html

x_refsource_MISC

https://www.phpmyfaq.de/security/advisory-2014-09-16

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2018
Vulnerability Reserved
Sep 1, 2014

JSON

pHPMyFAQ

What is CVE-2014-6046?

References

CVSS V3.1

Timeline