GHSA-qcjg-hvg6-hxcp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qcjg-hvg6-hxcp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-qcjg-hvg6-hxcp/GHSA-qcjg-hvg6-hxcp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qcjg-hvg6-hxcp
- Aliases
- Published
- 2023-09-30T03:31:49Z
- Modified
- 2024-02-16T07:58:24.077475Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- phpMyFAQ allows unrestricted file types in image field
- Details
-
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
- Database specific
{ "nvd_published_at": "2023-09-30T01:15:39Z", "cwe_ids": [ "CWE-434" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-02T20:20:57Z" }- References
Affected packages
Packagist / thorsten/phpmyfaq
Package
- Name
- thorsten/phpmyfaq
- Purl
- pkg:composer/thorsten/phpmyfaq
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.18
Affected versions
2.*
2.8.0-alpha2
2.8.0-alpha3
2.8.0-beta
2.8.0-beta2
2.8.0-beta3
2.8.0-RC
2.8.0-RC2
2.8.0-RC3
2.8.0-RC4
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.8.10
2.8.11
2.8.12
2.8.13
2.8.14
2.8.15
2.8.16
2.8.17
2.8.18
2.8.19
2.8.20
2.8.21
2.8.22
2.8.23
2.8.24
2.8.25
2.8.26
2.8.27
2.8.28
2.8.29
2.9.0-alpha
2.9.0-alpha2
2.9.0-alpha3
2.9.0-alpha4
2.9.0-beta
2.9.0-beta2
2.9.0-rc
2.9.0-rc2
2.9.0-rc3
2.9.0-rc4
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
2.9.10
2.9.11
2.9.12
2.9.13
2.10.0-alpha
3.*
3.0.0-alpha
3.0.0-alpha.2
3.0.0-alpha.3
3.0.0-alpha.4
3.0.0-beta
3.0.0-beta.2
3.0.0-beta.3
3.0.0-RC
3.0.0-RC.2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.1.0-alpha
3.1.0-alpha.2
3.1.0-alpha.3
3.1.0-beta
3.1.0-RC
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17