PT-2024-20464 · Phpmyfaq · Phpmyfaq

Nikkoenggaliano · Published 2024-02-05 · Updated 2024-06-15 · CVE-2024-24574

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

phpMyFAQ versions prior to 3.2.5

Description

The issue is an unsafe echo of the attachment filename in the phpMyFAQ administration area, specifically in the attachments.php file, which allows JavaScript code to execute on the client side (a Cross-Site Scripting, or XSS, attack). The filename is rendered directly without proper sanitization, so an attacker can inject malicious JavaScript code. An attacker with permission to upload attachments can store an XSS payload in the database, specifically in the filename column of the faqattachment table. The payload is triggered on pages that list files in tables, potentially impacting other users. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For versions prior to 3.2.5, update to version 3.2.5 or later to resolve the issue. As a temporary workaround, consider using the existing Strings::htmlentities helper to sanitize the filename, record lang, and mime type variables in the attachments.php file, so that injected JavaScript is rendered as text instead of being executed.
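The following is an added illustration, not code from phpMyFAQ or from the advisory: it renders constructed attachment rows once with the raw echo pattern described above and once with output encoding. PHP's built-in htmlspecialchars() stands in for Strings::htmlentities, and the array keys record_lang and mime_type, the helper e() and both render functions are assumed names.

```php
<?php
declare(strict_types=1);

// Constructed rows standing in for faqattachment records (not real data).
// Only the "filename" column name comes from the advisory; the other keys are assumed.
$rows = [
    ['filename' => 'manual.pdf', 'record_lang' => 'en', 'mime_type' => 'application/pdf'],
    ['filename' => '<img src=x onerror=alert(1)>.pdf', 'record_lang' => 'en', 'mime_type' => 'application/pdf'],
];

// Hypothetical helper: encode a stored value for an HTML text or attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Pattern the advisory describes: database values placed into the table as-is.
function renderRowUnsafe(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        $row['filename'],
        $row['record_lang'],
        $row['mime_type']
    );
}

// Workaround pattern: every stored value is encoded at the point of output.
function renderRowEscaped(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        e($row['filename']),
        e($row['record_lang']),
        e($row['mime_type'])
    );
}

foreach ($rows as $row) {
    echo 'unsafe : ', renderRowUnsafe($row), PHP_EOL;
    echo 'escaped: ', renderRowEscaped($row), PHP_EOL;
}
```

In the escaped output the second filename appears with its angle brackets encoded as entities, so the browser displays it as text in the table cell.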

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-24574
GHSA-7M8G-FPRR-47FX
OPENSUSE-SU-2024:13661-1

Affected Products

Phpmyfaq