phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2024-28105 - Vulnerability Database

phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2024-28105

High
Reference: CVE-2024-28105
Title: phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

phpMyFAQ is an open source FAQ web application for PHP 8.1 and MySQL PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters allowing attackers to upload malicious files with a .php extension potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.