phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.
History

Fri, 06 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Phpmyfaq
Phpmyfaq phpmyfaq
CPEs cpe:2.3:a:phpmyfaq:phpmyfaq:-:*:*:*:*:*:*:*
Vendors & Products Phpmyfaq
Phpmyfaq phpmyfaq
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
Description phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.
Title phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
Weaknesses CWE-209
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-06T15:00:16.407Z

Updated: 2024-12-06T17:12:03.413Z

Reserved: 2024-11-29T18:02:16.755Z

Link: CVE-2024-54141

cve-icon Vulnrichment

Updated: 2024-12-06T17:11:58.394Z

cve-icon NVD

Status : Received

Published: 2024-12-06T15:15:09.530

Modified: 2024-12-06T15:15:09.530

Link: CVE-2024-54141

cve-icon Redhat

No data.