CVE-2024-28107

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 25, 2024
Updated: Mar 26, 2024
CWE ID 89

Summary

CVE-2024-28107 is a SQL injection vulnerability found in phpMyFAQ, an open source FAQ web application for PHP 8.1+ and various databases. The vulnerability exists in the 'insertentry' and 'saveentry' functions, which improperly escape email addresses when modifying records. This flaw allows authenticated users with the ability to add or edit FAQ news to exploit the vulnerability, potentially leading to data exfiltration, account takeover, and even remote code execution (RCE). The issue has been resolved in version 3.2.6 of phpMyFAQ.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28107 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options