CVE-2024-28106 - Vulnerability Details - OpenCVE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmyfaq	Phpmyfaq

Configuration 1 [-]

cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r

History

Thu, 09 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phpmyfaq Phpmyfaq phpmyfaq
CPEs		cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:::::::*
Vendors & Products		Phpmyfaq Phpmyfaq phpmyfaq

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-25T18:41:58.260Z

Updated: 2024-08-02T00:48:49.468Z

Reserved: 2024-03-04T14:19:14.059Z

Link: CVE-2024-28106

Vulnrichment

Updated: 2024-08-02T00:48:49.468Z

NVD

Status : Analyzed

Published: 2024-03-25T19:15:58.263

Modified: 2025-01-09T17:30:11.107

Link: CVE-2024-28106

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28106", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.059Z", "datePublished": "2024-03-25T18:41:58.260Z", "dateUpdated": "2024-08-02T00:48:49.468Z"}, "containers": {"cna": {"title": "phpMyFAQ Stored XSS at FAQ News Content", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r"}, {"name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": ["x_refsource_MISC"], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a"}], "affected": [{"vendor": "thorsten", "product": "phpMyFAQ", "versions": [{"version": "3.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-25T18:41:58.260Z"}, "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6."}], "source": {"advisory": "GHSA-6p68-36m6-392r", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "phpmyfaq", "product": "phpmyfaq", "cpes": ["cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.2.5", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T00:06:05.995106Z", "id": "CVE-2024-28106", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T00:07:06.693Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.468Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r"}, {"name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.468Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28106", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T00:06:05.995106Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*"], "vendor": "phpmyfaq", "product": "phpmyfaq", "versions": [{"status": "affected", "version": "3.2.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T00:07:03.853Z"}}], "cna": {"title": "phpMyFAQ Stored XSS at FAQ News Content", "source": {"advisory": "GHSA-6p68-36m6-392r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "thorsten", "product": "phpMyFAQ", "versions": [{"status": "affected", "version": "3.2.5"}]}], "references": [{"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "name": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-25T18:41:58.260Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28106", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:49.468Z", "dateReserved": "2024-03-04T14:19:14.059Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-25T18:41:58.260Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6."}, {"lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Al manipular el par\u00e1metro de noticias en una solicitud POST, un atacante puede inyectar c\u00f3digo JavaScript malicioso. Al navegar a la p\u00e1gina de noticias comprometida, se activa la carga \u00fatil XSS. Esta vulnerabilidad se soluciona en 3.2.6."}], "id": "CVE-2024-28106", "lastModified": "2025-01-09T17:30:11.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-25T19:15:58.263", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}