CVE-2014-6046

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.

Published: Aug 28, 2018
Updated: Apr 13, 2023
CVE: CVE-2014-6046
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
phpmyfaq / phpmyfaq	-	2.8.13

http://techdefencelabs.com/security-advisories.html
https://www.phpmyfaq.de/security/advisory-2014-09-16

Vulnerability Database

290,300

CVE-2014-6046