WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-29196)

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.

Remediation

References

Related Vulnerabilities

Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32674)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4475)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23817)

Oracle Application Server CVE-2008-4014 Vulnerability (CVE-2008-4014)

WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1)

Severity

Low

Classification

CVE-2024-29196 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities