Описание
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.10 (исключая)
cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06984
Низкий
4.9 Medium
CVSS3
7.2 High
CVSS3
Дефекты
CWE-451
Связанные уязвимости
CVSS3: 4.9
github
около 1 года назад
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
EPSS
Процентиль: 91%
0.06984
Низкий
4.9 Medium
CVSS3
7.2 High
CVSS3
Дефекты
CWE-451