Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0338
Date: October 3, 2022
A stored XSS and possible RCE/LFI in case of misconfiguration in thorsten/phpmyfaq. An attacker with admin grant can export the configuration and re-upload the same file bypassing all the backend sanitization and controls. This vulnerability allow an attacker to take control of the entire database and in some cases read arbitrary file or execute shell commands by writing malicious php file.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | LOW |