CSRF Vulnerability in phpMyFaq Affects Various Versions
CVE-2017-15808

8.8HIGH

Key Information:

Vendor: pHPMyFAQ
Status: pHPMyFAQ
Vendor: CVE Published:; 23 October 2017

What is CVE-2017-15808?

A Cross-Site Request Forgery (CSRF) vulnerability exists in phpMyFaq versions prior to 2.9.9. This weakness allows an attacker to exploit the application's admin functionality via crafted requests without the user's consent. By leveraging this vulnerability, unauthorized actions can be executed, potentially compromising the integrity of the affected system.

References

https://github.com/thorsten/phpMyFAQ/commit/a249b4645fb86...

https://github.com/MarkLee131/awesome-web-pocs/blob/main/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 23, 2017

JSON

pHPMyFAQ

What is CVE-2017-15808?

References

CVSS V3.1

Timeline