CVE-2024-54141

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe	Patch
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpmyfaq:phpmyfaq:4.0.0:alpha:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-06 15:15

Updated : 2025-08-15 18:44

NVD link : CVE-2024-54141

Mitre link : CVE-2024-54141

CVE.ORG link : CVE-2024-54141

JSON object : View

Products Affected

phpmyfaq

phpmyfaq

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2024-54141", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-12-06T15:15:09.530", "references": [{"url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0."}, {"lang": "es", "value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. Antes de la versi\u00f3n 4.0.0, phpMyFAQ expon\u00eda las credenciales del servidor de la base de datos (es decir, PostgreSQL) cuando fallaba la conexi\u00f3n a la base de datos. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 4.0.0."}], "lastModified": "2025-08-15T18:44:17.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:4.0.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5A7973-57B0-46D4-8ECE-E824386298D8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}