cve/CVE-2024-28108.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ. This vulnerability is fixed in 3.2.6.

POC

Reference

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh

Github

No PoCs found on GitHub currently.

1.2 KiB Raw Blame History

CVE-2024-28108

Description

POC

Reference

Github

1.2 KiB

Raw Blame History