CVE-2024-28105

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-28105

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28105.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-28105

Aliases

GHSA-pwh2-fpfr-x5gf

Published

2024-03-25T18:35:05.202Z

Modified

2025-11-30T18:41:55.091545Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Details

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28105.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-434"
    ]
}

References

Affected packages

Git / github.com/thorsten/phpmyfaq

Affected ranges

Type: GIT
Repo: https://github.com/thorsten/phpmyfaq
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7

Affected versions

2.*

2.10.0-alpha

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.6.0

2.6.0-RC

2.6.0-alpha

2.6.0-beta

2.6.1

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.0-RC

2.7.0-alpha

2.7.0-alpha2

2.7.0-beta

2.7.0-beta2

2.7.0-beta3

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.0-RC

2.8.0-RC2

2.8.0-RC3

2.8.0-RC4

2.8.0-alpha

2.8.0-alpha2

2.8.0-alpha3

2.8.0-beta

2.8.0-beta2

2.8.0-beta3

2.8.1

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.8.15

2.8.16

2.8.17

2.8.18

2.8.19

2.8.2

2.8.20

2.8.21

2.8.22

2.8.23

2.8.24

2.8.25

2.8.26

2.8.27

2.8.28

2.8.29

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.0-RC

2.9.0-RC2

2.9.0-RC3

2.9.0-RC4

2.9.0-alpha

2.9.0-alpha2

2.9.0-alpha3

2.9.0-alpha4

2.9.0-beta

2.9.0-beta2

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0.0

3.0.0-RC

3.0.0-RC.2

3.0.0-alpha

3.0.0-alpha.2

3.0.0-alpha.3

3.0.0-alpha.4

3.0.0-beta

3.0.0-beta.2

3.0.0-beta.3

3.0.1

3.0.10

3.0.11

3.0.12

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.0-RC

3.1.0-alpha

3.1.0-alpha.2

3.1.0-alpha.3

3.1.0-beta

3.1.1

3.1.10

3.1.11

3.1.12

3.1.13

3.1.14

3.1.15

3.1.16

3.1.17

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.0-RC

3.2.0-RC.2

3.2.0-RC.4

3.2.0-alpha

3.2.0-beta

3.2.0-beta.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28105.json"