CVE-2024-56199

Summary

CVE-2024-56199 is a vulnerability affecting the open-source FAQ application phpMyFAQ. Versions prior to 4.0.2, including 3.2.10, are susceptible to this issue. An attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`. This injection manipulates the page structure, introducing overlapping buttons, images, and iframes, leading to a complete disruption of the FAQ page's user interface. This denial-of-service vulnerability can negatively impact user experience and potentially be used for phishing or defacement attacks. The affected pages become unusable, causing inconvenience to legitimate users. Version 4.0.2 includes a patch to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.