PT-2023-4136 · Phpmyfaq · Phpmyfaq

Published: 2023-07-30 · Updated: 2023-08-03 · CVE-2023-4006

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

phpMyFAQ versions prior to 3.1.16

Description

The issue is related to the improper neutralization of formula elements in a CSV file, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a specially crafted CSV file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For versions prior to 3.1.16, update to version 3.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to CSV file uploads or disabling the feature that allows users to upload CSV files until a patch is applied. Avoid using the CSV file type in the affected API endpoint until the issue is resolved.

Exploit

Fix

RCE

Weakness Enumeration

Related identifiers

BDU:2023-04445
CVE-2023-4006
GHSA-2XVX-368H-QCMV

Affected products

Phpmyfaq