CVE-2014-6046

Опубликовано: 28 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.

Ссылки

http://techdefencelabs.com/security-advisories.html
Third Party Advisory
https://www.phpmyfaq.de/security/advisory-2014-09-16
Vendor Advisory
http://techdefencelabs.com/security-advisories.html
Third Party Advisory
https://www.phpmyfaq.de/security/advisory-2014-09-16
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*

Версия до 2.8.13 (исключая)

EPSS

Процентиль: 48%

0.0025

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6mv6-53cx-w57p