PT-2024-22799 · Phpmyfaq · Phpmyfaq

Kevinnivekkevin · Published 2024-03-25 · Updated 2025-01-09 · CVE-2024-29196

CVSS v3.1: 3.8 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

phpMyFAQ versions prior to 3.2.6

Description

A path traversal vulnerability in Attachments allows attackers with admin rights to upload malicious files to other locations of the web root. The issue can be exploited remotely and can lead to malicious files being uploaded outside the specified directory.

Recommendations

Upgrade versions prior to 3.2.6 to version 3.2.6, which fixes the path traversal vulnerability in Attachments. As a temporary workaround until the upgrade is applied, consider restricting the attachment location settings to prevent path traversal. Additionally, restrict access to the attachment upload feature to minimize the risk of exploitation.
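
One way to enforce the workaround of restricting the attachment location, shown as an added example that is not phpMyFAQ's code or its 3.2.6 fix. The function names, directory paths and sample settings are assumptions made for illustration; it requires PHP 8 and assumes POSIX-style paths.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not phpMyFAQ code): lexically resolve "." and ".."
// so the check also works for directories that do not exist yet.
function normalizePath(string $path): string
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts); // never climbs above the filesystem root
            continue;
        }
        $parts[] = $segment;
    }
    return '/' . implode('/', $parts);
}

// Returns true only when the configured attachment location stays inside
// $allowedBase. Relative settings are resolved against $appRoot.
function attachmentPathIsContained(string $setting, string $appRoot, string $allowedBase): bool
{
    if (str_contains($setting, "\0")) {
        return false; // reject NUL bytes outright
    }
    $isAbsolute = str_starts_with(str_replace('\\', '/', $setting), '/');
    $candidate = normalizePath($isAbsolute ? $setting : $appRoot . '/' . $setting);
    $base = normalizePath($allowedBase);
    // Compare with a trailing slash so "/attachments-old" does not match "/attachments".
    return $candidate === $base || str_starts_with($candidate . '/', $base . '/');
}

// Constructed sample values; these paths are assumptions, not phpMyFAQ defaults.
$appRoot = '/srv/faq';
$allowedBase = '/srv/faq/attachments';
$samples = [
    'attachments',
    'attachments/2024',
    'attachments/../admin',
    '/srv/faq/attachments-old',
    '/tmp/uploads',
];
foreach ($samples as $setting) {
    $ok = attachmentPathIsContained($setting, $appRoot, $allowedBase);
    printf("%-28s %s\n", $setting, $ok ? 'accept' : 'reject');
}
```

The check is lexical only, so where the directory already exists, also compare `realpath()` of the candidate against the base to account for symbolic links.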

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-29196
GHSA-MMH6-5CPF-2C72

Affected Products

Phpmyfaq