CVE-2024-24574
Published 2024-02-05
Priority: P4 · 25 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.88%
54.6th percentile
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyfaq | phpmyfaq | < 3.2.5 | 3.2.5 |
| phpmyfaq | phpmyfaq | >= 0 < 3.2.5 | 3.2.5 |
| thorsten | phpmyfaq | < 3.2.5 | 3.2.5 |
GHSA
phpMyFAQ vulnerable to stored XSS on attachments filename
ghsa·2024-02-05
CVE-2024-24574 [MEDIUM] CWE-79 phpMyFAQ vulnerable to stored XSS on attachments filename
### Summary
Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS).
### Details
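The following snippet renders the file attachments from the user tables:
```
<?php // $item and the <tr>/<td> markup are assumed; the advisory text preserves only the property names. ?>
<tr id="…<?= $item->id ?>" title="<?= $item->thema ?>">
    <td><?= $item->id ?></td>
    <td><?= $item->filename ?></td>
    <td><?= $item->record_lang ?></td>
    <td><?= …($item->filesize) ?></td>
    <td><?= $item->mime_type ?></td>
```
The data is rendered directly with the shorthand echo, without any sanitization. It is recommended to use the existing `Strings::htmlentities` method, imported with `use phpMyFAQ\Strings;`:
```
<?php // $item and the <td> markup are assumed, as above. ?>
    <td><?= Strings::htmlentities($item->filename); ?></td>
    <td><?= Strings::htmlentities($item->record_lang); ?></td>
    <td><?= …($item->filesize) ?></td>
    <td><?= Strings::htmlentities($item->mime_type); ?></td>
```
A proposed fix is in pull request https://github.com/thorsten/phpMyFAQ/pull/2827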
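As an added illustration (not code from phpMyFAQ or the advisory), the following PHP renders one attachment row with and without output encoding. `esc()` uses core `htmlspecialchars` as a stand-in for `Strings::htmlentities`, `renderAttachmentRow()` and the sample record are constructed, and the example goes beyond the fix snippet by also encoding the `title` attribute value.

```php
<?php
declare(strict_types=1);

// Stand-in for phpMyFAQ's Strings::htmlentities (assumption): core htmlspecialchars
// with ENT_QUOTES, so quoted attribute values such as title="..." are covered too.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical row renderer; property names follow the advisory's snippet.
function renderAttachmentRow(object $item, bool $escape): string
{
    $f = $escape ? 'esc' : static fn (string $v): string => $v;

    return sprintf(
        '<tr title="%s"><td>%d</td><td>%s</td><td>%s</td><td>%d</td><td>%s</td></tr>',
        $f((string) $item->thema),
        (int) $item->id,          // numeric columns are cast, not echoed as strings
        $f((string) $item->filename),
        $f((string) $item->record_lang),
        (int) $item->filesize,
        $f((string) $item->mime_type)
    );
}

// Constructed record: stored, user-controlled fields carry markup and a quote.
$item = (object) [
    'id'          => 7,
    'thema'       => 'Q3 "draft"',
    'filename'    => '<b>report</b>.png',
    'record_lang' => 'en',
    'filesize'    => 2048,
    'mime_type'   => 'image/png',
];

$raw  = renderAttachmentRow($item, false);
$safe = renderAttachmentRow($item, true);

// Raw rendering: the stored filename becomes a live element in the admin page.
var_dump(str_contains($raw, '<b>report</b>'));
// Encoded rendering: the markup is shown as text and the attribute stays closed.
var_dump(str_contains($safe, '&lt;b&gt;report&lt;/b&gt;.png'));
var_dump(str_contains($safe, 'title="Q3 &quot;draft&quot;"'));
echo $safe, PHP_EOL;
```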
### PoC
1. An attacker with permission will upload the attachments image on [http://{base_url}/ad
OSV
phpMyFAQ vulnerable to stored XSS on attachments filename
osv·2024-02-05
CVE-2024-24574 [MEDIUM] phpMyFAQ vulnerable to stored XSS on attachments filename
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5
https://github.com/thorsten/phpMyFAQ/pull/2827
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx
2024-02-05
Published