Description
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72
Scores
CVSS v3
3.8
EPSS
0.0063
EPSS Percentile
70.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
phpmyfaq/phpmyfaq
3.2.5
phpmyfaq/phpmyfaq
3.2.5 - 3.2.6 (Packagist)
Published
Mar 26, 2024
Tracked Since
Feb 18, 2026