WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-29196)

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.

Remediation

References

Related Vulnerabilities

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0455)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14722)

WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0)

WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)

MySQL CVE-2020-2765 Vulnerability (CVE-2020-2765)

Severity

Low

Classification

CVE-2024-29196 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities