fkie_cve-2024-55889
Vulnerability from fkie_nvd
Published
2024-12-13 14:15
Modified
2024-12-13 21:15
Severity ?
Summary
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim\u0027s machine upon page visit by embedding it in an \u003ciframe\u003e element without user interaction or explicit consent. Version 3.2.10 fixes the issue."
},
{
"lang": "es",
"value": "phpMyFAQ es una aplicaci\u00f3n web de c\u00f3digo abierto para preguntas frecuentes. Antes de la versi\u00f3n 3.2.10, exist\u00eda una vulnerabilidad en el componente de registro de preguntas frecuentes por la que un atacante con privilegios pod\u00eda activar la descarga de un archivo en la m\u00e1quina de la v\u00edctima al visitar una p\u00e1gina incrust\u00e1ndolo en un elemento sin interacci\u00f3n del usuario ni consentimiento expl\u00edcito. La versi\u00f3n 3.2.10 soluciona el problema."
}
],
"id": "CVE-2024-55889",
"lastModified": "2024-12-13T21:15:13.483",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-13T14:15:22.653",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.