Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.

Remediation

References

CVE-2024-29196

Related Vulnerabilities

WordPress Plugin Events Made Easy Cross-Site Scripting (2.2.23)

WordPress Plugin Import any XML or CSV File to WordPress Pro Arbitrary File Upload (4.1.0)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Vulnerabilities (1.17.1)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8960)

Severity

Low

Classification

CVE-2024-29196 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities