Homepage
About Snyk

Arbitrary File Upload Affecting thorsten/phpmyfaq package, versions >=3.2.5, <3.2.6

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-THORSTENPHPMYFAQ-6495360
  • published 26 Mar 2024
  • disclosed 25 Mar 2024
  • credit kevinnivekkevin
Report a new vulnerability Found a mistake?

Introduced: 25 Mar 2024

CVE-2024-28105 Open this link in a new tab
CWE-434 Open this link in a new tab

How to fix?

Upgrade thorsten/phpmyfaq to version 3.2.6 or higher.

Overview

thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases

Affected versions of this package are vulnerable to Arbitrary File Upload via the manipulation of the Content-type and lang parameters in the category image upload function. An attacker can upload malicious files with a .php extension, potentially leading to unauthorized system access and control by modifying the Content-type to return an empty string for the extension and setting the lang parameter to .php., thereby enabling the uploading of web shells.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7.2 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    High
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High