CVE-2024-24574

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

p

hpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.

References

Link	Resource
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5	Patch
https://github.com/thorsten/phpMyFAQ/pull/2827	Patch
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx	Exploit Vendor Advisory
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5	Patch
https://github.com/thorsten/phpMyFAQ/pull/2827	Patch
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:59

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 6.5
References	~~() https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5 - Patch~~	() https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5 - Patch
References	~~() https://github.com/thorsten/phpMyFAQ/pull/2827 - Patch~~	() https://github.com/thorsten/phpMyFAQ/pull/2827 - Patch
References	~~() https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx - Exploit, Vendor Advisory~~	() https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx - Exploit, Vendor Advisory

Information

Published : 2024-02-05 21:15

Updated : 2024-11-21 08:59

NVD link : CVE-2024-24574

Mitre link : CVE-2024-24574

CVE.ORG link : CVE-2024-24574

JSON object : View

Products Affected

phpmyfaq

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

{"id": "CVE-2024-24574", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-02-05T21:15:12.340", "references": [{"url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/thorsten/phpMyFAQ/pull/2827", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5."}, {"lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\\phpmyfaq\\admin\\attachments.php conduce a la ejecuci\u00f3n permitida de c\u00f3digo JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.2.5."}], "lastModified": "2024-11-21T08:59:27.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD", "versionEndExcluding": "3.2.5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}