CVE-2024-24574 – phpMyFAQ vulnerable to stored XSS on attachments filename
https://notcve.org/view.php?id=CVE-2024-24574
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. phpMyFAQ es una aplicación web de preguntas frecuentes de código abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\phpmyfaq\admin\attachments.php conduce a la ejecución permitida de código JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versión 3.2.5. • https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5 https://github.com/thorsten/phpMyFAQ/pull/2827 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-22208 – phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
https://notcve.org/view.php?id=CVE-2024-22208
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. • https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg • CWE-863: Incorrect Authorization •
CVE-2024-22202 – User Removal Page Allows Spoofing Of User Details
https://notcve.org/view.php?id=CVE-2024-22202
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5. phpMyFAQ es una aplicación web de preguntas frecuentes de código abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. • https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35 • CWE-284: Improper Access Control •
CVE-2023-5866 – Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2023-5866
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. Cookie confidencial en sesión HTTPS sin atributo "seguro" en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.1. • https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55 https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVE-2023-5867 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2023-5867
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2. • https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3 https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •