CVE-2024-54141 HIGH

CVE-2024-54141: phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

Vendor Thorsten
Product phpMyFAQ
Weakness CWE-209 · Error message info leak
Published December 6, 2024
Last update December 6, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ that supports MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials in the error message it generates when the connection to the database fails. This vulnerability is fixed in 4.0.0.

Key dates

02 Disclosure timeline

December 6, 2024 CVE published
December 6, 2024 Record updated