CVE-2024-29196 - Vulnerability Details - OpenCVE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00463.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmyfaq	Phpmyfaq

Configuration 1 [-]

cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-0964	phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
Github GHSA	GHSA-mmh6-5cpf-2c72	phpMyFAQ Path Traversal in Attachments

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72

History

Thu, 09 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phpmyfaq Phpmyfaq phpmyfaq
CPEs		cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:::::::*
Vendors & Products		Phpmyfaq Phpmyfaq phpmyfaq

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-26T03:01:36.890Z

Updated: 2024-08-05T16:29:28.863Z

Reserved: 2024-03-18T17:07:00.095Z

Link: CVE-2024-29196

Vulnrichment

Updated: 2024-08-02T01:10:54.751Z

NVD

Status : Analyzed

Published: 2024-03-26T03:15:13.517

Modified: 2025-01-09T16:58:38.057

Link: CVE-2024-29196

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29196", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-18T17:07:00.095Z", "datePublished": "2024-03-26T03:01:36.890Z", "dateUpdated": "2024-08-05T16:29:28.863Z"}, "containers": {"cna": {"title": "phpMyFAQ Path Traversal in Attachments", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72"}, {"name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": ["x_refsource_MISC"], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62"}], "affected": [{"vendor": "thorsten", "product": "phpMyFAQ", "versions": [{"version": "= 3.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-26T03:01:36.890Z"}, "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6."}], "source": {"advisory": "GHSA-mmh6-5cpf-2c72", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.751Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72"}, {"name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62"}]}, {"affected": [{"vendor": "phpmyfaq", "product": "phpmyfaq", "cpes": ["cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.2.5", "status": "affected", "lessThan": "3.2.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T16:25:22.893037Z", "id": "CVE-2024-29196", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T16:29:28.863Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.751Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29196", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T16:25:22.893037Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*"], "vendor": "phpmyfaq", "product": "phpmyfaq", "versions": [{"status": "affected", "version": "3.2.5", "lessThan": "3.2.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T16:29:20.810Z"}}], "cna": {"title": "phpMyFAQ Path Traversal in Attachments", "source": {"advisory": "GHSA-mmh6-5cpf-2c72", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "thorsten", "product": "phpMyFAQ", "versions": [{"status": "affected", "version": "= 3.2.5"}]}], "references": [{"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "name": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-26T03:01:36.890Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29196", "state": "PUBLISHED", "dateUpdated": "2024-08-05T16:29:28.863Z", "dateReserved": "2024-03-18T17:07:00.095Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-26T03:01:36.890Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6."}, {"lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Existe una vulnerabilidad de Path Traversal en los archivos adjuntos que permite a los atacantes con derechos de administrador cargar archivos maliciosos en otras ubicaciones de la ra\u00edz web. Esta vulnerabilidad se soluciona en 3.2.6."}], "id": "CVE-2024-29196", "lastModified": "2025-01-09T16:58:38.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-26T03:15:13.517", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}