CVE-2024-28105 HIGH

CVE-2024-28105: phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Vendor Thorsten
Product phpMyFAQ
Weakness CWE-434 · Unrestricted file upload
Published March 25, 2024
Last update August 13, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpMyFAQ is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a `.php` extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.

Key dates

Disclosure timeline

March 25, 2024 CVE published
August 13, 2024 Record updated