HTML Injection Vulnerability in phpMyFAQ by Thorsten

CVE-2024-56199

What is CVE-2024-56199?

A vulnerability exists in phpMyFAQ, an open-source FAQ web application, enabling attackers to inject malicious HTML content into the FAQ editor. This occurs at the URL http://localhost/admin/index.php?action=editentry, allowing an attacker to create overlapping UI components that can disrupt the entire FAQ page layout. Legitimate users may experience a Denial of Service as the page becomes unusable due to injected HTML elements that obscure essential buttons and links. Such manipulation compromises both the user experience and the application’s integrity while presenting avenues for phishing or further defacement attacks. The issue affects versions starting from 3.2.10 up to, but not including, 4.0.2, which has been patched to resolve this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References