Description In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. Remediation References CVE-2017-15729 Related Vulnerabilities WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31) OpenSSL NULL Pointer Dereference Vulnerability (CVE-2020-1967) SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17313) WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14) Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10097) Severity High Classification CVE-2017-15729 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities