Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38443
HistoryDec 13, 2022 - 2:45 a.m.

Information Disclosure

2022-12-1302:45:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
phpmyfaq
information disclosure
setcookie function
session.php
insecure http cookies
secure attribute
vulnerability
software

EPSS

0.001

Percentile

51.3%

JSON

thorsten/phpmyfaq is vulnerable to information disclosure.The vulnerability exists in the setCookie function of session.php due to insecure HTTP cookies without the ‘secure’ attribute which allows an attacker to gain access to sensitive information.

Related

prion 1
huntr 1
nvd 1
osv 2
github 1
cve 1
cvelist 1
openvas 1
prion
prion
Session fixation
2022-12-11 15:15:00
huntr
huntr
TLS Cookie without `secure` flag at https://roy.demo.phpmyfaq.de
2022-11-18 11:14:28
nvd
nvd
CVE-2022-4409
2022-12-11 15:15:10
osv
osv
CVE-2022-4409
2022-12-11 15:15:10
phpMyFAQ has insecure HTTP cookies
2022-12-11 15:30:44
github
github
phpMyFAQ has insecure HTTP cookies
2022-12-11 15:30:44
cve
cve
CVE-2022-4409
2022-12-11 15:15:10
cvelist
cvelist
CVE-2022-4409 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
2022-12-11 00:00:00
openvas
openvas
phpMyFAQ < 3.1.9 Multiple Vulnerabilities
2022-12-12 00:00:00

EPSS

0.001

Percentile

51.3%

JSON
Related for VERACODE:38443
prion1huntr1nvd1osv2github1cve1cvelist1openvas1