Published: 2014/02/07  Last Updated: 2014/02/07

JVN#50943964
phpMyFAQ vulnerable to cross-site request forgery

Overview

phpMyFAQ contains a cross-site request forgery vulnerability.

Products Affected

  • phpMyFAQ versions 2.8.5 and earlier

Description

phpMyFAQ is open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability.

Impact

If a user views a malicious page while logged in, settings may be changed unintentionally.

Solution

Apply an Update
Update to the latest version according to the information provided by the vendor.

Vulnerability Analysis by JPCERT/CC

Analyzed on 2014.02.07

Measures (Severity): Conditions

  • Access Required (Severity: High): can be attacked over the Internet using packets
  • Authentication (Severity: High): anonymous or no authentication (IP addresses do not count)
  • User Interaction Required (Severity: Mid): the user must be convinced to take a standard action that does not feel harmful to most users, such as clicking on a link or viewing a file
  • Exploit Complexity (Severity: High): the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious

Other Information

CVE: CVE-2014-0813
JVN iPedia: JVNDB-2014-000016