Cyber Resilience

CVE-2024-55889

Severity: Medium · Public PoC

Published: 13 December 2024
Modified: 14 August 2025
CVSS v3.1 Score: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0912 (92.9th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-55889 is a medium-severity User Interface (UI) Misrepresentation of Critical Information (CWE-451) vulnerability in phpMyFAQ (vendor phpmyfaq, product phpmyfaq). Its CVSS base score is 4.9 (Medium).

Operationally, it ranks in the top 7.1% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

phpMyFAQ is an open source FAQ web application that contains a vulnerability in its FAQ Record component prior to version 3.2.10. The flaw permits a privileged attacker to force an unintended file download on a visiting user's system by embedding a crafted reference inside an <iframe> element, which triggers automatically when the page is viewed, without user interaction or consent. The issue is classified as CWE-451 and carries a CVSS 3.1 base score of 4.9, reflecting a network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high integrity impact with no confidentiality or availability impact.

An authenticated administrator or other high-privileged user can exploit the weakness by placing the iframe in FAQ content that a victim will view, causing the victim's browser to initiate a file download. Because the vector requires no user interaction and works across the network, the attacker can achieve unauthorized modification of the victim's local environment through forced downloads.

The project addressed the issue in release 3.2.10. The accompanying GitHub Security Advisory GHSA-m3r7-8gw7-qwvc and the referenced commit fa0f7368dc3288eedb1915def64ef8fb270f711d document the fix and recommend that administrators upgrade promptly to eliminate the iframe-based download behavior.

EPSS for the CVE remains at 0.0919, with no material increase from its initial value, indicating limited observed exploitation interest to date.

Vulnerability details

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.

CWE(s)

CWE-451: User Interface (UI) Misrepresentation of Critical Information

Related Threats

No named actor attribution yet. ATT&CK technique mapping is in progress for this CVE.

Affected Assets

Vendor: phpmyfaq
Product: phpmyfaq
Versions: ≤ 3.2.10 (as recorded here; note that the advisory text above states that 3.2.10 is the release containing the fix, so check the installed version against the project's advisory rather than this range alone)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References

GitHub Security Advisory GHSA-m3r7-8gw7-qwvc
Fix commit fa0f7368dc3288eedb1915def64ef8fb270f711d