Veracode Vulnerability DatabaseVERACODE:45356Phishing Attack
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
17.0%
phpmyfaq/phpmyfaq is vulnerability to a Phishing Attack. The vulnerability is due the functionality to share articles. This vulnerability allows an unauthenticated attacker to utilize the target application’s email server to send thousands of phishing messages because the backend email address count is not properly restricted.
References
github.com/advisories/GHSA-9hhf-xmcw-r3xg
github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e
github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e#diff-52fd427aac0108286f77b822a797f404687253ed17ca88fde5afda9804c81855
github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
17.0%