CVE-2024-55889

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-55889

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-55889.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-55889

Aliases

GHSA-m3r7-8gw7-qwvc

Published

2024-12-13T13:44:57Z

Modified

2025-11-10T19:47:44.505083Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

Details

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.

Database specific

{
    "cwe_ids": [
        "CWE-451"
    ]
}

References

Affected packages

Git / github.com/thorsten/phpmyfaq

Affected ranges

Type: GIT
Repo: https://github.com/thorsten/phpmyfaq
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fa0f7368dc3288eedb1915def64ef8fb270f711d

Affected versions

2.*

2.10.0-alpha

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.6.0

2.6.0-RC

2.6.0-alpha

2.6.0-beta

2.6.1

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.0-RC

2.7.0-alpha

2.7.0-alpha2

2.7.0-beta

2.7.0-beta2

2.7.0-beta3

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.0-RC

2.8.0-RC2

2.8.0-RC3

2.8.0-RC4

2.8.0-alpha

2.8.0-alpha2

2.8.0-alpha3

2.8.0-beta

2.8.0-beta2

2.8.0-beta3

2.8.1

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.8.15

2.8.16

2.8.17

2.8.18

2.8.19

2.8.2

2.8.20

2.8.21

2.8.22

2.8.23

2.8.24

2.8.25

2.8.26

2.8.27

2.8.28

2.8.29

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.0-RC

2.9.0-RC2

2.9.0-RC3

2.9.0-RC4

2.9.0-alpha

2.9.0-alpha2

2.9.0-alpha3

2.9.0-alpha4

2.9.0-beta

2.9.0-beta2

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0.0

3.0.0-RC

3.0.0-RC.2

3.0.0-alpha

3.0.0-alpha.2

3.0.0-alpha.3

3.0.0-alpha.4

3.0.0-beta

3.0.0-beta.2

3.0.0-beta.3

3.0.1

3.0.10

3.0.11

3.0.12

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.0-RC

3.1.0-alpha

3.1.0-alpha.2

3.1.0-alpha.3

3.1.0-beta

3.1.1

3.1.10

3.1.11

3.1.12

3.1.13

3.1.14

3.1.15

3.1.16

3.1.17

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.0-RC

3.2.0-RC.2

3.2.0-RC.4

3.2.0-alpha

3.2.0-beta

3.2.0-beta.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.8

3.2.9