CVE-2024-54141: phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

8.6 CVSS

Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the connection to the database fails. This vulnerability is fixed in 4.0.0.

Classification

CVE ID: CVE-2024-54141

CVSS Base Severity: HIGH

CVSS Base Score: 8.6

Affected Products

Vendor: thorsten

Product: phpMyFAQ

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x
https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe

Timeline