Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames
Vulnerability Description
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
关键信息的UI错误表达
Vulnerability Title
phpMyFAQ 安全漏洞
Vulnerability Description
phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 3.2.10之前版本存在安全漏洞,该漏洞源于攻击者可以在访问页面时将文件嵌入iframe元素中,而无需用户交互或明确同意,从而触发受害者机器上的文件下载。
CVSS Information
N/A
Vulnerability Type
N/A