CVE-2024-54141

HIGH

phpMyFAQ <4.0.0 - Info Disclosure

Title source: llm

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.

References (2)

[Exploit, Vendor Advisory] https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x

[Patch] https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe

View Patch ZIP pw:eip

Scores

CVSS v3 8.6

EPSS 0.0039

EPSS Percentile 59.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (2)

phpmyfaq/phpmyfaq 4.0.0 alpha

thorsten/phpmyfaq 0 - 4.0.0Packagist

Published Dec 06, 2024

Tracked Since Feb 18, 2026