logo

Database

Lack of data validation - Path Traversal In phpmyfaq/phpmyfaq

Description

phpMyFAQ Path Traversal in Attachments

Summary

There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root.

PoC

    In settings, the attachment location is vulnerable to path traversal and can be set to e.g ..\hacked image

    When the above is set, attachments files are now uploaded to e.g C:\Apps\XAMPP\htdocs\hacked instead of C:\Apps\XAMPP\htdocs\phpmyfaq\attachments

    Verify this by uploading an attachment and see that the "hacked" directory is now created in the web root folder with the attachment file inside. image image

Impact

Attackers can potentially upload malicious files outside the specified directory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-291962. NVD-2024-291963. OSV-2024-291964. GHSA-mmh6-5cpf-2c725. GCVE-2024-29196

References

1. https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c722. https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-K00Q5 – Vulnerability | Fluid Attacks Database