CVE-2014-6046: CSRF
First published: Tue Aug 28 2018(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| phpMyFAQ | <2.8.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6046?
CVE-2014-6046 is considered a high severity vulnerability due to its potential for unauthorized actions through CSRF attacks.
How do I fix CVE-2014-6046?
To fix CVE-2014-6046, upgrade to phpMyFAQ version 2.8.13 or later.
What type of attack is CVE-2014-6046 associated with?
CVE-2014-6046 is associated with cross-site request forgery (CSRF) attacks.
What can an attacker do with CVE-2014-6046?
An attacker can hijack user authentication to delete active users or open questions.
Which versions of phpMyFAQ are affected by CVE-2014-6046?
CVE-2014-6046 affects phpMyFAQ versions prior to 2.8.13.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phpmyfaq
- canonical/phpmyfaq