CVE-2014-6050

MEDIUM

phpmyfaq < 2.8.13 - CAPTCHA Bypass via Request Replay

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6050. PoCs published by smash.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in phpMyFAQ 2.8.X, including persistent XSS via unfiltered referrer and user agent fields, unauthenticated FAQ data disclosure, and CSRF attacks to modify configurations or delete users/categories.

Description

phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.

Exploits (1)

exploitdb WORKING POC

by smash · textwebappsphp

https://www.exploit-db.com/exploits/34580

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in phpMyFAQ 2.8.X, including persistent XSS via unfiltered referrer and user agent fields, unauthenticated FAQ data disclosure, and CSRF attacks to modify configurations or delete users/categories.

Classification

Working Poc 90%

Attack Type

Xss | Info Leak | Auth Bypass | Csrf

Complexity

Trivial

Reliability

Reliable

Target: phpMyFAQ >= 2.8.12

No auth needed

Prerequisites: Access to the target phpMyFAQ instance · Ability to send crafted HTTP requests

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise T1566.002 - Spearphishing Link T1595.002 - Vulnerability Scanning

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

http://techdefencelabs.com/security-advisories.html

Vendor Advisory x_refsource_confirm

https://www.phpmyfaq.de/security/advisory-2014-09-16

Scores

CVSS v3 5.3

EPSS 0.0455

EPSS Percentile 90.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-254

Status published

Products (1)

phpmyfaq/phpmyfaq < 2.8.13

Published Aug 28, 2018

Tracked Since Feb 18, 2026