vulnerability

FreeBSD: phpmyfaq -- cross-site request forgery vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Apr 11, 2016	Apr 25, 2016	Feb 19, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Apr 11, 2016

Added

Apr 25, 2016

Modified

Feb 19, 2025

Description

The phpMyFAQ team reports:

The vulnerability exists due to application does not properly
verify origin of HTTP requests in "Interface Translation"
functionality.: A remote unauthenticated attacker can create
a specially crafted malicious web page with CSRF exploit, trick
a logged-in administrator to visit the page, spoof the HTTP
request, as if it was coming from the legitimate user, inject
and execute arbitrary PHP code on the target system with privileges
of the webserver.

Solution

freebsd-upgrade-package-phpmyfaq

References

URL-http://www.phpmyfaq.de/security/advisory-2016-04-11
URL-https://www.htbridge.com/advisory/HTB23300

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today