CVE-2022-4409
Published 2022-12-11
CVE-2022-4409: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
Priority P434 | high | 7.5 | CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.42% (33.8th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyfaq | phpmyfaq | < 3.1.9 | 3.1.9 |
| thorsten | phpmyfaq | >= 0 < 3.1.9 | 3.1.9 |
| thorsten | thorsten_phpmyfaq | >= unspecified < 3.1.9 | 3.1.9 |
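CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |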
OSV
phpMyFAQ has insecure HTTP cookies
osv·2022-12-11
CVE-2022-4409 [HIGH] phpMyFAQ has insecure HTTP cookies
phpMyFAQ contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9.
GHSA
phpMyFAQ has insecure HTTP cookies
ghsa·2022-12-11
CVE-2022-4409 [HIGH] CWE-311 phpMyFAQ has insecure HTTP cookies
phpMyFAQ contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-11