diff options
| author | Florian Smeets <flo@FreeBSD.org> | 2022-10-21 10:14:20 +0000 |
|---|---|---|
| committer | Florian Smeets <flo@FreeBSD.org> | 2022-10-21 10:14:20 +0000 |
| commit | aa9e5247ae5213b9c5c533c186f0f483cc70b388 (patch) | |
| tree | a1d50dff7acb2734403b48ca514d17ad51d19925 | |
| parent | e89ef50b4f35c0ab79c75b38359ae926330711dd (diff) | |
| download | ports-aa9e5247ae5213b9c5c533c186f0f483cc70b388.tar.gz ports-aa9e5247ae5213b9c5c533c186f0f483cc70b388.zip | |
security/vuxml: Document vulnerabilities in phpmyfaq
| -rw-r--r-- | security/vuxml/vuln-2022.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 22d57e92a254..1f7f14590b27 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,29 @@ + <vuln vid="c253c4aa-5126-11ed-8a21-589cfc0f81b0"> + <topic>phpmyfaq -- CSRF vulnerability</topic> + <affects> + <package> + <name>phpmyfaq</name> + <range><lt>3.1.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>phpmyfaq developers report:</p> + <blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-02"> + <p> phpMyFAQ does not implement sufficient checks to avoid + CSRF when logging out an user.</p> + </blockquote> + </body> + </description> + <references> + <url>https://huntr.dev/bounties/76095ac1-da12-449b-9564-4a086be96592/</url> + </references> + <dates> + <discovery>2022-10-02</discovery> + <entry>2022-10-21</entry> + </dates> + </vuln> + <vuln vid="d6d088c9-5064-11ed-bade-080027881239"> <topic>Python -- multiple vulnerabilities</topic> <affects> |