How severe is CVE-2024-22202?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-22202?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-22202

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.

CVE-2011-1762

MEDIUM

CVSS:6.5(Medium)

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post...

CWE-2842011

CVE-2012-4379

MEDIUM

CVSS:6.5(Medium)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in...

CWE-2842012

CVE-2014-1398

MEDIUM

CVSS:6.5(Medium)

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statist...

CWE-2842014

CVE-2014-1399

MEDIUM

CVSS:6.5(Medium)

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspec...

CWE-2842014

CVE-2014-1400

MEDIUM

CVSS:6.5(Medium)

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspeci...

CWE-2842014

CVE-2014-3519

MEDIUM

CVSS:6.5(Medium)

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capa...

CWE-2842014

CVE-2024-22202

Vulnerability Description

Related Vulnerabilities

CVE-2011-1762

CVE-2012-4379

CVE-2014-1398

CVE-2014-1399

CVE-2014-1400

CVE-2014-3519