CVE-2024-22208

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 12, 2024

CWE ID 863

Summary

CVE-2024-22208 is a vulnerability affecting phpMyFAQ, an open-source FAQ web application. The 'sharing FAQ' functionality allows unauthenticated actors to send arbitrary emails to a large number of recipients. Although a CAPTCHA is implemented to limit the number of emails sent per request, an attacker can bypass this limitation and send thousands of emails at once. This can lead to email servers being blacklisted and reputation damages. Version 3.2.5 of phpMyFAQ addresses this issue through proper implementation and limitation of the email sharing functionality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Phpmyfaq

Affected Vendors

Phpmyfaq

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-22208 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database