cbcvebase.
CVE-2024-55889
published 2024-12-13

CVE-2024-55889: phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can…

PriorityP348high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
2.12%
79.6th percentile
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Version 3.2.10 fixes the issue.

Affected

3 ranges
VendorProductVersion rangeFixed in
phpmyfaqphpmyfaq< 3.2.103.2.10
thorstenphpmyfaq< 3.2.103.2.10
thorstenphpmyfaq>= 0 < 3.2.103.2.10
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.