phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2024-28105

phpMyFAQ is an open source FAQ web application for PHP 8.1 and MySQL PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters allowing attackers to upload malicious files with a .php extension potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.