Information Exposure Through an Error Message in phpMyFAQ - CVE-2024-54141

 


Published: December 6, 2024 / Updated: May 5, 2026


Vulnerability identifier: #VU130105
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-54141
CWE-ID: CWE-209
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Thorsten Rinne
Affected software:
phpMyFAQ

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to the generation of an error message containing sensitive information in Installer.php when handling setup requests while the database server is unavailable. A remote attacker can trigger a database connection failure to disclose sensitive information.

The exposed information includes database connection credentials, and exploitation can occur when the database server is unreachable or refusing connections.
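
A defensive pattern for the failure mode described above, as an added example that is not phpMyFAQ's code: the connection error is logged server-side with the configured credentials scrubbed, and the client receives only a generic message with a reference id. The function names, configuration keys and sample values are hypothetical, and PHP 8.2 or later with PDO is assumed.

```php
<?php
declare(strict_types=1);

// Added example, not phpMyFAQ code. Function and key names are hypothetical.

/** Replace any configured credential that appears in a diagnostic string. */
function redactSecrets(string $text, array $cfg): string
{
    foreach (['user', 'password'] as $key) {
        if (isset($cfg[$key]) && $cfg[$key] !== '') {
            $text = str_replace((string) $cfg[$key], '[redacted]', $text);
        }
    }
    return $text;
}

/**
 * Open the setup database connection. On failure the detail goes to the
 * server log only; the caller receives a generic message and a reference id.
 * SensitiveParameter (PHP 8.2+) keeps $cfg out of stack traces.
 */
function connectForSetup(#[\SensitiveParameter] array $cfg): PDO
{
    $dsn = sprintf('mysql:host=%s;port=%d;dbname=%s', $cfg['host'], $cfg['port'], $cfg['name']);
    try {
        return new PDO($dsn, $cfg['user'], $cfg['password'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_TIMEOUT => 5,
        ]);
    } catch (PDOException $e) {
        $ref = bin2hex(random_bytes(8));
        error_log(sprintf('[setup %s] DB connect failed: %s', $ref, redactSecrets($e->getMessage(), $cfg)));
        // Do not chain $e as "previous": its message and trace would travel with the new exception.
        throw new RuntimeException("Database connection failed. Reference: $ref");
    }
}

// Constructed sample values; port 1 on localhost is expected to refuse connections.
ini_set('display_errors', '0'); // never render PHP errors into the response
$cfg = ['host' => '127.0.0.1', 'port' => 1, 'name' => 'faq', 'user' => 'faq_user', 'password' => 'S3cret-example'];
try {
    connectForSetup($cfg);
} catch (RuntimeException $e) {
    http_response_code(503);
    echo $e->getMessage(), PHP_EOL; // generic text only, no host, user or password
}
```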


How to mitigate CVE-2024-54141

Install the security update from the vendor's website.
