SB2024020555 - Multiple vulnerabilities in phpMyFAQ

Description

This security bulletin contains information about 2 vulnerabilities.

1) Information Exposure Through an Error Message (CVE-ID: CVE-2024-54141)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to generation of error message containing sensitive information in Installer.php when handling setup requests while the database server is unavailable. A remote attacker can trigger a database connection failure to disclose sensitive information.

The exposed information includes database connection credentials, and exploitation can occur when the database server is unreachable or refusing connections.

2) Improper access control (CVE-ID: CVE-2024-22208)

The vulnerability allows a remote attacker to send arbitrary emails for phishing purposes.

The vulnerability exists due to improper access control in the sharing FAQ functionality when handling share requests. A remote attacker can submit a specially crafted request to send arbitrary emails for phishing purposes.

A single solved CAPTCHA can be abused to send thousands of emails because the backend does not enforce the front-end recipient limit, and the email content and shared link can be modified.

Remediation

Install update from vendor's website.

References

• https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x
• https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg