1756 matches found

OSV
added 2024/12/13 8:36 p.m. · 7 views

GHSA-M3R7-8GW7-QWVC thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames

Summary: A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Details: In...

4.9 CVSS · 4.8 AI score · 0.09192 EPSS
Exploits 3 · References 4

Snyk
added 2024/12/13 2:41 p.m. · 1 view

User Interface (UI) Misrepresentation of Critical Information

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to User Interface (UI) Misrepresentation of Critical Information via the FAQ Record component. An attacker can trigger a file download on a victim's machine...

7.2 CVSS · 6.9 AI score · 0.09192 EPSS
Exploits 3 · References 2

NVD
added 2024/12/13 2:15 p.m. · 6 views

CVE-2024-55889

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

7.2 CVSS · 0.09192 EPSS
Exploits 3 · References 2

CVE
added 2024/12/13 1:44 p.m. · 52 views

CVE-2024-55889

CVE-2024-55889 affects the phpMyFAQ open source FAQ web application. The issue is in the FAQ Record component prior to version 3.2.10, where a privileged attacker can trigger a file download on a victim’s machine by embedding the target file in an iframe upon visiting a page, without user interac...

7.2 CVSS · 5 AI score · 0.09192 EPSS
Exploits 3 · References 2 · Affected Software 1

OSV
added 2024/12/13 1:44 p.m. · 3 views

CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

4.9 CVSS · 6.4 AI score · 0.09192 EPSS
Exploits 3 · References 4

Vulnrichment
added 2024/12/13 1:44 p.m. · 7 views

CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

4.9 CVSS · 6.9 AI score · 0.09192 EPSS
Exploits 3 · References 2

Cvelist
added 2024/12/13 1:44 p.m. · 15 views

CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

4.9 CVSS · 0.09192 EPSS
Exploits 3 · References 2

CNNVD
added 2024/12/13 12:0 a.m. · 1 view

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.2.10, which stems from the ability of an attacker to trigger a file download on a victim's machine by embedding the file in an...

7.2 CVSS · 6.3 AI score · 0.09192 EPSS
Exploits 3 · References 3

Positive Technologies
added 2024/12/13 12:0 a.m. · 1 view

PT-2024-36603 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.10. Description: A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an iframe element without user...

4.9 CVSS · 7.1 AI score · 0.09192 EPSS
Exploits 3 · References 8

Snyk
added 2024/12/06 6:22 p.m. · 1 view

Credential Exposure

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Credential Exposure in the error message returned when the underlying database is down. An attacker who can cause the database server to be unreachable ...

9.1 CVSS · 6.8 AI score · 0.00385 EPSS
Exploits 1 · References 2

OSV
added 2024/12/06 6:22 p.m. · 13 views

GHSA-VRJR-P3XP-XX2X phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

Summary: Exposure of database (i.e. PostgreSQL) server's credential when connection to DB fails. Details: Exposed database credentials upon misconfig/DoS @ permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.phpL694 PoC: When PostgreSQL server is unreachable, ...

8.8 CVSS · 8.6 AI score · 0.00385 EPSS
Exploits 1 · References 4

NVD
added 2024/12/06 3:15 p.m. · 10 views

CVE-2024-54141

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

8.6 CVSS · 0.00385 EPSS
Exploits 1 · References 2

Cvelist
added 2024/12/06 3:0 p.m. · 18 views

CVE-2024-54141 phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

8.6 CVSS · 0.00385 EPSS
Exploits 1 · References 2

OSV
added 2024/12/06 3:0 p.m. · 6 views

CVE-2024-54141 phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

8.6 CVSS · 6.6 AI score · 0.00385 EPSS
Exploits 1 · References 4

CVE
added 2024/12/06 3:0 p.m. · 59 views

CVE-2024-54141

phpMyFAQ prior to 4.0.0 is vulnerable to improper error handling that exposes the database server credentials when a DB connection fails. This affects the phpMyFAQ software (PHP 8.1+ with MySQL/PostgreSQL and other databases) and can allow an attacker to obtain credentials from error messages, pote...

8.6 CVSS · 8.5 AI score · 0.00385 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/12/06 3:0 p.m. · 9 views

CVE-2024-54141 phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

8.6 CVSS · 6.8 AI score · 0.00385 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-36070 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.0.0. Description: The issue exposes database server credentials when a connection to the database fails. This can occur when the database instance or server is unreachable, resulting in an error that reveals the...

8.6 CVSS · 7.5 AI score · 0.00385 EPSS
Exploits 1 · References 11

CNNVD
added 2024/12/06 12:0 a.m. · 2 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 4.0.0, which stems from exposing the database server credentials when a connection to the DB fails...

8.6 CVSS · 6.4 AI score · 0.00385 EPSS
Exploits 1 · References 2

GithubExploit
added 2024/05/11 12:29 p.m. · 297 views

Exploit for Cross-site Scripting in Phpmyfaq

9.8 CVSS · 6.8 AI score · 0.84026 EPSS
Exploits 20

Veracode
added 2024/03/29 9:31 a.m. · 19 views

SQL Injection

phpmyfaq/phpmyfaq is vulnerable to SQL Injection. The vulnerability is caused due to improper escaping of the email address within News.php. This allows authenticated users with appropriate privileges to execute malicious SQL queries, potentially leading to data exfiltration, account takeover, an...

8.8 CVSS · 8.4 AI score · 0.02881 EPSS
Exploits 1 · References 5 · Affected Software 2