CVE-2014-6046

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 2.8.13

Description The issue allows remote attackers to hijack the authentication of unspecified users for various requests, including deleting active users, deleting open questions, activating users, publishing FAQs, adding or deleting Glossary, adding or deleting FAQ news, adding or deleting comments, or adding votes. This is due to improper validation of CSRF tokens or a lack of a CSRF token.

Recommendations For versions prior to 2.8.13, update to version 2.8.13 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive functions that are vulnerable to CSRF attacks until the update is applied.