CVE-2024-54141: phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

December 6, 2024

Exposure of database (ie postgreSQL) server’s credential when connection to DB fails.

References

github.com/advisories/GHSA-vrjr-p3xp-xx2x
github.com/thorsten/phpMyFAQ
github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe
github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x
nvd.nist.gov/vuln/detail/CVE-2024-54141

Code Behaviors & Features

Detect and mitigate CVE-2024-54141 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →