CVE-2024-28108
published 2024-03-25CVE-2024-28108: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink`…
PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.54%
41.2th percentile
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | >= 3.2.5 < 3.2.6 | 3.2.6 |
| thorsten | phpmyfaq | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
phpMyFAQ Stored HTML Injection at contentLink
ghsa·2024-03-25
CVE-2024-28108 [MEDIUM] CWE-79 phpMyFAQ Stored HTML Injection at contentLink
phpMyFAQ Stored HTML Injection at contentLink
### Summary
Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._
### PoC
1. Browse to ../phpmyfaq/index.php?action=add&cat=0 , enter `https://test.com?p=HTML_INJECTION` for the contentLink parameter.
2. Verify the HTML injection by viewing the FAQ itself, “All categories” → “CategoryName” → ”QuestionName”.
### Impact
Attackers can manipulate the appearance and functionality of web pages by injecting malicious HTML code. This can lead to various undesirable outcomes, such as defacing the website, redir
OSV
phpMyFAQ Stored HTML Injection at contentLink
osv·2024-03-25
CVE-2024-28108 [MEDIUM] phpMyFAQ Stored HTML Injection at contentLink
phpMyFAQ Stored HTML Injection at contentLink
### Summary
Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._
### PoC
1. Browse to ../phpmyfaq/index.php?action=add&cat=0 , enter `https://test.com?p=HTML_INJECTION` for the contentLink parameter.
2. Verify the HTML injection by viewing the FAQ itself, “All categories” → “CategoryName” → ”QuestionName”.
### Impact
Attackers can manipulate the appearance and functionality of web pages by injecting malicious HTML code. This can lead to various undesirable outcomes, such as defacing the website, redir
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqhhttps://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh
2024-03-25
Published