
GHSA-mmh6-5cpf-2c72

GitHub Security Advisory

phpMyFAQ Path Traversal in Attachments

GitHub Reviewed | Severity: LOW | Has CVE

Advisory Details

### Summary
A path traversal vulnerability in the attachment settings allows an attacker who already holds admin rights to point the attachment upload location outside the intended attachments directory, so that uploaded files are written to other locations within the web root.

### PoC
1. In the settings, the attachment location field is vulnerable to path traversal: it accepts a value such as `..\hacked` without rejecting the `..` component.
![image](https://github.com/thorsten/phpMyFAQ/assets/63487456/6167ba74-254c-4aed-9c16-759e5ceafd81)

2. Once that value is set, attachment files are written to e.g. `C:\Apps\XAMPP\htdocs\hacked` instead of `C:\Apps\XAMPP\htdocs\phpmyfaq\attachments`.

3. Verify this by uploading an attachment: a `hacked` directory is created in the web root folder with the attachment file inside.
![image](https://github.com/thorsten/phpMyFAQ/assets/63487456/325df0cc-e9ee-48bd-a7bb-1295199b4d9e)
![image](https://github.com/thorsten/phpMyFAQ/assets/63487456/beb10a6a-9d56-4607-8da6-49581991b1fe)
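The unchecked join that the PoC exercises, placed beside a hardened version of the same check, as an added example written for this page in Python. It is not phpMyFAQ's own PHP code (which the advisory does not show); the application root, the default `attachments` setting, the sample inputs and all function names are constructed here to mirror the PoC on Windows/XAMPP, and both `\` and `/` are treated as separators, as Windows does.

```python
import posixpath
import re

# Constructed inputs mirroring the advisory's PoC (XAMPP on Windows).
APP_ROOT = "C:/Apps/XAMPP/htdocs/phpmyfaq"   # assumed application root
DEFAULT_SETTING = "attachments"             # assumed default attachment location
MALICIOUS_SETTING = "..\\hacked"            # the value used in the PoC

# Drive-letter ("C:") or UNC ("//server/share") prefixes are absolute on Windows.
_DRIVE_OR_UNC = re.compile(r"^([A-Za-z]:|//)")


def _segments(setting: str) -> list[str]:
    # Accept either separator and drop empty and "." components so that
    # "a//b", "a/./b" and "a\\b" are all treated the same way.
    return [p for p in setting.replace("\\", "/").split("/") if p not in ("", ".")]


def vulnerable_attachment_dir(app_root: str, setting: str) -> str:
    """Unchecked behaviour as the advisory describes it: the admin-supplied
    setting is joined onto the application root and normalised, so any ".."
    component walks out of the intended attachments directory."""
    return posixpath.normpath(posixpath.join(app_root, *_segments(setting)))


def safe_attachment_dir(app_root: str, setting: str) -> str:
    """Hardened version: reject NUL bytes, absolute paths, drive letters, UNC
    prefixes and any ".." component, then confirm the resolved directory still
    lies under app_root. Raises ValueError on anything suspicious."""
    if "\x00" in setting:
        raise ValueError("NUL byte in attachment location")
    normalised = setting.replace("\\", "/")
    if normalised.startswith("/") or _DRIVE_OR_UNC.match(normalised):
        raise ValueError("attachment location must be relative to the application root")
    parts = _segments(normalised)
    if not parts:
        raise ValueError("attachment location must not be empty")
    if any(p == ".." for p in parts):
        raise ValueError("parent-directory component in attachment location")
    root = posixpath.normpath(app_root)
    target = posixpath.normpath(posixpath.join(root, *parts))
    # Belt and braces: even after the component checks, insist that the result
    # is inside the root. commonpath compares whole components, so a root of
    # ".../phpmyfaq" does not match ".../phpmyfaq2/x" by string prefix.
    if posixpath.commonpath([root, target]) != root:
        raise ValueError("attachment location escapes the application root")
    return target


def evaluate(app_root: str, setting: str) -> dict:
    """Compare both behaviours for one setting value; "checked" is None when
    the hardened function rejects the value."""
    try:
        checked = safe_attachment_dir(app_root, setting)
        verdict = "accepted"
    except ValueError as exc:
        checked, verdict = None, f"rejected: {exc}"
    return {
        "setting": setting,
        "unchecked": vulnerable_attachment_dir(app_root, setting),
        "checked": checked,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for s in (DEFAULT_SETTING, MALICIOUS_SETTING, "attachments/../../hacked", "C:/Windows/Temp"):
        print(evaluate(APP_ROOT, s))
```

The component check (no `..`, no absolute prefix) is what stops the PoC value; the final `commonpath` comparison is there so that a future change to the normalisation logic cannot silently reopen the hole. For the PoC value `..\hacked`, `vulnerable_attachment_dir` resolves to `C:/Apps/XAMPP/htdocs/hacked`, exactly the location the advisory reports, while `safe_attachment_dir` raises.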

### Impact
An attacker who already has admin rights can make the application write uploaded attachment files outside the configured attachments directory, into other locations under the web root. The admin-access precondition is reflected in the LOW severity rating.

Affected Packages

Packagist phpmyfaq/phpmyfaq
Affected versions: 3.2.5 (fixed in 3.2.6)

Key Information

GHSA ID: GHSA-mmh6-5cpf-2c72
Published: March 25, 2024 7:35 PM
Last Modified: March 26, 2024 12:58 PM
CVSS Score: 2.5 / 10
Primary Ecosystem: Packagist
Primary Package: phpmyfaq/phpmyfaq
GitHub Reviewed: Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database.