First published: Tue Oct 31 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Phpmyfaq Phpmyfaq | <3.2.1 | |
composer/thorsten/phpmyfaq | <3.2.1 | 3.2.1 |
CVE-2023-5866 is a vulnerability in the GitHub repository thorsten/phpmyfaq in which a sensitive cookie is set in an HTTPS session without the 'Secure' attribute, which means the browser can also send that cookie over unencrypted HTTP.
CVE-2023-5866 is classified as a medium severity vulnerability with a severity score of 6.3.
CVE-2023-5866 affects thorsten/phpmyfaq versions prior to 3.2.1.
To fix CVE-2023-5866, upgrade thorsten/phpmyfaq to version 3.2.1 or later.
More information about CVE-2023-5866 can be found at the following references: [huntr.com](https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945), [GitHub commit](https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-5866).