Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2024-55889

Description

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Version 3.2.10 fixes the issue.</p> <h2>POC</h2> <h4>Reference</h4> <p>- https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc</p> <h4>Github</h4> <p>- https://github.com/ARPSyndicate/cve-scores</p> <p>- https://github.com/fkie-cad/nvd-json-data-feeds</p> <p>- https://github.com/geo-chen/phpMyFAQ</p> <p>- https://github.com/plzheheplztrying/cve_monitor</p> </body> </html>