PT-2026-57179 · Phpmyfaq · Phpmyfaq

Domainxtech

·

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-57961

CVSS v3.1

2.7

Baixa

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path resolution logic locates the substring "content" within a user-controlled path using strpos(); when "content" is absent, strpos() returns false, which becomes 0 when cast to an integer, preserving the entire attacker-controlled path. This path is later passed to file get contents() without canonicalization or root-directory containment validation, which may allow reading of files outside the intended content directory.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-57961

Produtos afetados

Phpmyfaq