VYPR
Moderate severityNVD Advisory· Published Mar 25, 2024· Updated Aug 2, 2024

phpMyFAQ Stored HTML Injection at contentLink

CVE-2024-28108

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpmyfaq/phpmyfaqPackagist
>= 3.2.5, < 3.2.63.2.6

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.