N/A

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.

N/A

N/A

phpMyFAQ 跨站请求伪造漏洞

phpMyFAQ是phpMyFAQ团队开发的一套开源的完全数据库驱动的FAQ（问答）系统。该系统支持多语言、多种数据库等，并包含有内容管理系统、社区等模块。 phpMyFAQ 2.8.13之前版本中存在跨站请求伪造漏洞，该漏洞源于程序缺少跨站请求伪造令牌。远程攻击者可利用该漏洞执行未授权的操作，例如：删除活动用户，删除公开的问题，激活用户，发布FAQs，添加/删除词汇或添加/删除评论等。

N/A

N/A