CVE-2014-6046

HIGH

Phpmyfaq < 2.8.13 - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/34580

References (2)

Scores

CVSS v3 8.8
EPSS 0.0024
EPSS Percentile 46.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
phpmyfaq/phpmyfaq < 2.8.13
Published Aug 28, 2018
Tracked Since Feb 18, 2026