CVE-2024-24574

CVSS V2 None CVSS V3 None

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.

Overview

CVE ID
CVE-2024-24574

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-02-05T20:57:13.115Z

Last Modified Date
2024-02-05T20:57:13.115Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html
CWE-80	http://cwe.mitre.org/data/definitions/80.html

References

Reference URL	Reference Tags
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx	x_refsource_CONFIRM
https://github.com/thorsten/phpMyFAQ/pull/2827	x_refsource_MISC
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-24574
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24574

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 04:12:38				Added to TrackCVE