phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

危险类型文件的不加限制上传

phpMyFAQ 安全漏洞

phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 存在安全漏洞，该漏洞源于 phpmyfaq 中的类别图片上传功能容易受到 Content-type 和 lang 参数的操纵，从而允许上传扩展名为 .php 的恶意文件。

N/A

N/A