6 matches found
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
Summary The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution RCE on the system. Details In the file upload function of...
CVE-2024-28105
CVE-2024-28105 concerns phpMyFAQ where the category image upload feature can be abused by manipulating Content-Type and lang to store a PHP file, potentially enabling remote code execution (RCE). The public details describe that by submitting a crafted image upload request, an attacker can bypass...
CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the category image upload feature in phpmyfaq being susceptible to manipulation of the Content-type and...
PT-2024-2390 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The category image upload function in phpMyFAQ is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentiall...
CVE-2019-11680
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...