Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.

Remediation

References

CVE-2024-28105

Related Vulnerabilities

MySQL CVE-2018-3070 Vulnerability (CVE-2018-3070)

WordPress Plugin WP Rollback Multiple Vulnerabilities (1.2.2)

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2020-9481)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1227)

Jetty Improper Neutralization of Quoting Syntax Vulnerability (CVE-2023-36479)

Severity

High

Classification

CVE-2024-28105 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities