Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2024/03/25 7:46 p.m.30 views

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Summary The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution RCE on the system. Details In the file upload function of...

7.2CVSS8.5AI score0.01476EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/03/25 6:35 p.m.66 views

CVE-2024-28105

CVE-2024-28105 concerns phpMyFAQ where the category image upload feature can be abused by manipulating Content-Type and lang to store a PHP file, potentially enabling remote code execution (RCE). The public details describe that by submitting a crafted image upload request, an attacker can bypass...

7.2CVSS7.3AI score0.01476EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/03/25 6:35 p.m.35 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

7.2CVSS6.1AI score0.01476EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.4 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the category image upload feature in phpmyfaq being susceptible to manipulation of the Content-type and...

7.2CVSS5.4AI score0.01476EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.7 views

PT-2024-2390 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The category image upload function in phpMyFAQ is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentiall...

8.3CVSS8.8AI score0.01476EPSS
Exploits1References15
Cvelist
Cvelist
added 2019/05/13 5:36 p.m.16 views

CVE-2019-11680

KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...

9.8AI score0.04153EPSS
Exploits0References1
Rows per page
Query Builder