Vulnerability Monitor


CVE-2024-24574


phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.


Published: 2024-02-05T21:15:12.340

Last Modified: 2024-11-21T08:59:27.143

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-79
    CWE-80

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | phpmyfaq | phpmyfaq | < 3.2.5 | Yes
