CVE-2024-55889

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 3.2.10

Description A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an iframe element without user interaction or explicit consent. This can be achieved by inserting an iframe as "source code" in a FAQ record, pointing to a prior "malicious" attachment uploaded by the attacker. The vulnerability allows malicious code or binaries to be dropped on visitors' machines when visiting the FAQ platform, potentially leading to the spread of malware such as worms or ransomware.

Recommendations For versions prior to 3.2.10, update to version 3.2.10 to fix the issue. As a temporary workaround, consider restricting access to the FAQ Record component or disabling the ability to upload attachments until the update is applied. Additionally, avoid using the iframe element in FAQ records until the issue is resolved.