CVE-2023-4006

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Jul 31, 2023

Updated: Aug 3, 2023

CWE ID 252

Summary

CVE-2023-4006 refers to a vulnerability in the phpmyfaq GitHub repository version 3.1.15 and below. This issue involves improper handling of formula elements in CSV files. An attacker could exploit this weakness by injecting malicious formulas that, when processed, could result in arbitrary code execution. This security flaw poses a serious risk and requires affected users to update to the latest version of phpmyfaq as soon as possible to mitigate potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5Q7aO
https://www.cve.org/CVERecord?id=CVE-2023-4006
https://nvd.nist.gov/vuln/detail/CVE-2023-4006

Back to Vulnerability Database

CVE-2023-4006

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations