VYPR
Moderate severityNVD Advisory· Published Dec 13, 2024· Updated Dec 13, 2024

phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

CVE-2024-55889

Description

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Version 3.2.10 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
thorsten/phpmyfaqPackagist
< 3.2.103.2.10

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.