CVE-2024-28105
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Mar 25, 2024
Updated: Jan 9, 2025
CWE ID 434
Summary
CVE-2024-28105 is a recently disclosed vulnerability affecting the phpMyFAQ open-source FAQ web application. This issue lies in the application's category image upload function, which can be exploited through manipulation of the `Content-type` and `lang` parameters. An attacker can upload malicious files with a .php extension, increasing the risk of remote code execution (RCE) on the vulnerable system. This vulnerability has been mitigated in version 3.2.6 of phpMyFAQ.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share