Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00OHZ3LWpwZjgtaHdxaM4AA6Rm
phpMyFAQ Stored HTML Injection at contentLink
Summary
Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code into the page, which might affect other users. Exploitation also requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ.
PoC
- Browse to ../phpmyfaq/index.php?action=add&cat=0 , enter https://test.com?p=<h1>HTML_INJECTION</h1> for the contentLink parameter.
- Verify the HTML injection by viewing the FAQ itself, “All categories” → “CategoryName” → “QuestionName”.
Impact
Attackers can manipulate the appearance and functionality of web pages by injecting malicious HTML code. This can lead to various undesirable outcomes, such as defacing the website, redirecting users to malicious sites, or altering the content to deceive users. Additionally, unauthenticated HTML injection can compromise user privacy by displaying sensitive information or misleading content. It undermines the integrity of the application and erodes user trust, potentially resulting in loss of reputation and credibility.
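The following is an added example, not phpMyFAQ's code and not the fix shipped in 3.2.6, showing a guest-supplied link rendered unsafely next to a version that validates on input and encodes on output. The function names are hypothetical; the first sample input is the PoC value above and the other two are constructed.

```php
<?php
declare(strict_types=1);

// The PoC value from the advisory, followed by constructed sample inputs.
const SAMPLES = [
    'https://test.com?p=<h1>HTML_INJECTION</h1>',
    'https://example.org/faq?id=1&lang=en',
    'ftp://example.org/file',
];

// Unsafe pattern: the submitted link is concatenated into markup as-is.
function renderLinkUnsafe(string $link): string
{
    return '<a href="' . $link . '">' . $link . '</a>';
}

// Input check: absolute http(s) URL with a host, and none of the characters
// that must be percent-encoded in a URL. Returns null when rejected.
function validateContentLink(string $link): ?string
{
    $link = trim($link);
    if ($link === '' || strlen($link) > 2048) {
        return null;
    }
    if (preg_match('/[\x00-\x20\x7f<>"`\\\\]/', $link) === 1) {
        return null;
    }
    $parts = parse_url($link);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $link : null;
}

// Output encoding: validated values are still HTML-escaped, since characters
// such as & and ' are legal in URLs but special in HTML.
function renderLinkSafe(string $link): string
{
    $url = validateContentLink($link);
    if ($url === null) {
        return ''; // rejected links render nothing
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener noreferrer">' . $safe . '</a>';
}

foreach (SAMPLES as $input) {
    printf("unsafe: %s\nsafe:   %s\n\n", renderLinkUnsafe($input), renderLinkSafe($input));
}
```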
Permalink: https://github.com/advisories/GHSA-48vw-jpf8-hwqh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OHZ3LWpwZjgtaHdxaM4AA6Rm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 10 months ago
CVSS Score: 5.1
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Percentage: 0.00046
EPSS Percentile: 0.18991
Identifiers: GHSA-48vw-jpf8-hwqh, CVE-2024-28108
References:
- https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh
- https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634
- https://nvd.nist.gov/vuln/detail/CVE-2024-28108
- https://github.com/advisories/GHSA-48vw-jpf8-hwqh
Blast Radius: 3.1
Affected Packages
packagist:phpmyfaq/phpmyfaq
Dependent packages: 0
Dependent repositories: 4
Downloads: 11 total
Affected Version Ranges: = 3.2.5
Fixed in: 3.2.6
All affected versions:
All unaffected versions: 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 2.8.17, 2.8.18, 2.8.19, 2.8.20, 2.8.21, 2.8.22, 2.8.23, 2.8.24, 2.8.25, 2.8.26, 2.8.27, 2.8.28, 2.8.29, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 4.0.0, 4.0.1, 4.0.2, 4.0.3