CVE-2024-28105

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-28105

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28105.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-28105

Aliases

GHSA-pwh2-fpfr-x5gf

Published

2024-03-25T19:15:58Z

Modified

2024-10-08T04:07:15.616256Z

Summary

[none]

Details

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.

References

Affected packages

Git / github.com/thorsten/phpmyfaq

Affected ranges

Type: GIT
Repo: https://github.com/thorsten/phpmyfaq
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7

Affected versions

2.*

2.10.0-alpha

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.6.0

2.6.0-RC

2.6.0-alpha

2.6.0-beta

2.6.1

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.0-RC

2.7.0-alpha

2.7.0-alpha2

2.7.0-beta

2.7.0-beta2

2.7.0-beta3

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.0-RC

2.8.0-RC2

2.8.0-RC3

2.8.0-RC4

2.8.0-alpha

2.8.0-alpha2

2.8.0-alpha3

2.8.0-beta

2.8.0-beta2

2.8.0-beta3

2.8.1

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.8.15

2.8.16

2.8.17

2.8.18

2.8.19

2.8.2

2.8.20

2.8.21

2.8.22

2.8.23

2.8.24

2.8.25

2.8.26

2.8.27

2.8.28

2.8.29

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.0-RC

2.9.0-RC2

2.9.0-RC3

2.9.0-RC4

2.9.0-alpha

2.9.0-alpha2

2.9.0-alpha3

2.9.0-alpha4

2.9.0-beta

2.9.0-beta2

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0.0

3.0.0-RC

3.0.0-RC.2

3.0.0-alpha

3.0.0-alpha.2

3.0.0-alpha.3

3.0.0-alpha.4

3.0.0-beta

3.0.0-beta.2

3.0.0-beta.3

3.0.1

3.0.10

3.0.11

3.0.12

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.0-RC

3.1.0-alpha

3.1.0-alpha.2

3.1.0-alpha.3

3.1.0-beta

3.1.1

3.1.10

3.1.11

3.1.12

3.1.13

3.1.14

3.1.15

3.1.16

3.1.17

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.0-RC

3.2.0-RC.2

3.2.0-RC.4

3.2.0-alpha

3.2.0-beta

3.2.0-beta.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5