CVE-2024-54141

Summary

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.

Affected Software

VendorProductVersion RangeStatus
thorstenphpMyFAQ< 4.0.0affected

Weaknesses

  • CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References