CVE-2024-24574 - OpenCVE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Phpmyfaq	Phpmyfaq

Configuration 1 [-]

cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5	Patch
https://github.com/thorsten/phpMyFAQ/pull/2827	Patch
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-05T20:57:13.115Z

Updated: 2024-02-05T20:57:13.115Z

Reserved: 2024-01-25T15:09:40.211Z

Link: CVE-2024-24574

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-05T21:15:12.340

Modified: 2024-02-12T21:41:04.237

Link: CVE-2024-24574

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-24574", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-25T15:09:40.211Z", "datePublished": "2024-02-05T20:57:13.115Z", "dateUpdated": "2024-02-05T20:57:13.115Z"}, "containers": {"cna": {"title": "phpMyFAQ vulnerable to stored XSS on attachments filename", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx"}, {"name": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": ["x_refsource_MISC"], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827"}, {"name": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": ["x_refsource_MISC"], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5"}], "affected": [{"vendor": "thorsten", "product": "phpMyFAQ", "versions": [{"version": "< 3.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-05T20:57:13.115Z"}, "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5."}], "source": {"advisory": "GHSA-7m8g-fprr-47fx", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5."}, {"lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\\phpmyfaq\\admin\\attachments.php conduce a la ejecuci\u00f3n permitida de c\u00f3digo JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.2.5."}], "id": "CVE-2024-24574", "lastModified": "2024-02-12T21:41:04.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-02-05T21:15:12.340", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/thorsten/phpMyFAQ/pull/2827"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Primary"}]}