Information Exposure Through an Error Message in phpMyFAQ - CVE-2024-54141

 


Published: December 6, 2024 / Updated: May 5, 2026


Vulnerability identifier: #VU130105
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-54141
CWE-ID: CWE-209
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: phpMyFAQ
Software vendor: Thorsten Rinne

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to the generation of an error message containing sensitive information in Installer.php when handling setup requests while the database server is unavailable. A remote attacker can trigger a database connection failure to disclose sensitive information.

The exposed information includes database connection credentials, and exploitation can occur when the database server is unreachable or refusing connections.
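The failure mode described above can be avoided by keeping exception text out of the HTTP response. The following is an added example, not phpMyFAQ's own code or its fix: `handleSetup`, `redactSecrets` and the `$connect` callable are hypothetical names, and the configuration values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical setup handler, not phpMyFAQ's Installer.php. $connect is any
// callable that opens the database connection and throws on failure.

/** Replace every configured connection value that appears in $message. */
function redactSecrets(string $message, array $dbConfig): string
{
    foreach (['password', 'user', 'host'] as $key) {
        $value = (string) ($dbConfig[$key] ?? '');
        if ($value !== '') {
            $message = str_replace($value, '[redacted]', $message);
        }
    }
    return $message;
}

/** Returns the JSON body for the client; details go to the server log only. */
function handleSetup(array $dbConfig, callable $connect): string
{
    try {
        $connect($dbConfig);
        return json_encode(['success' => 'Database connection established.']);
    } catch (Throwable $e) {
        // Unsafe pattern (CWE-209): json_encode(['error' => $e->getMessage()])
        $incidentId = bin2hex(random_bytes(8));
        // Server-side record, scrubbed as well in case logs are shared.
        error_log(sprintf('[setup %s] %s: %s', $incidentId, get_class($e),
            redactSecrets($e->getMessage(), $dbConfig)));
        // Generic client message: no exception text, no connection settings.
        return json_encode([
            'error' => 'Could not connect to the database. See the server log.',
            'incident' => $incidentId,
        ]);
    }
}

// Constructed sample: a driver exception that echoes the connection settings.
$config = ['host' => 'db.example.internal', 'user' => 'faq_app', 'password' => 'S3cr3t-constructed'];
$failing = function (array $c): void {
    throw new RuntimeException("Connection refused for {$c['user']}:{$c['password']}@{$c['host']}");
};

$body = handleSetup($config, $failing);
foreach ($config as $value) {
    if (strpos($body, $value) !== false) { exit("leak\n"); }
}
echo $body, PHP_EOL;
```

The incident identifier lets an administrator match the generic client message to the scrubbed server-side log entry.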


Remediation

Install the security update from the vendor's website.
