
CVE-2023-1759: phpMyFAQ Stored Cross-site Scripting vulnerability

CVSS Score (v3.1): 4.8

Basic Information

EPSS Score: 0.14909%
Published: 3/31/2023
Updated: 4/6/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Package Name: thorsten/phpmyfaq
Ecosystem: composer
Vulnerable Versions: < 3.1.12
First Patched Version: 3.1.12

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper input sanitization using FILTER_UNSAFE_RAW in multiple admin controllers. The patch replaces these with FILTER_SANITIZE_SPECIAL_CHARS across 3 files, indicating these were the vulnerable entry points. The functions handled user-supplied data that would be persisted and later rendered without adequate escaping, meeting stored XSS criteria. The direct correlation between filter changes and CWE-79 remediation confirms these as vulnerable points.
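
The difference between the two filters named above, as an added example (not phpMyFAQ's code and not the patch itself): a constructed field value is read with each filter and then rendered into HTML. The helpers readField() and renderCell(), the field name and the sample value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpMyFAQ code. readField() and renderCell() are
// hypothetical helpers; the request value below is constructed.

/** Read one request field with the given filter, as a controller would before storing it. */
function readField(array $request, string $key, int $filter): string
{
    $value = filter_var($request[$key] ?? '', $filter);
    return $value === false ? '' : (string) $value;
}

/** Render a stored value into an HTML table cell, optionally escaping at output. */
function renderCell(string $stored, bool $escapeOnOutput): string
{
    $cell = $escapeOnOutput
        ? htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : $stored;
    return '<td>' . $cell . '</td>';
}

// Constructed input: harmless markup stands in for attacker-controlled HTML.
$request = ['name' => 'Category <b>"A"</b> & more'];

// Pre-patch pattern: FILTER_UNSAFE_RAW stores the value unchanged, and a view
// that prints it without escaping sends the markup to the browser as HTML.
$storedRaw = readField($request, 'name', FILTER_UNSAFE_RAW);
echo 'raw in, no escape out:       ', renderCell($storedRaw, false), PHP_EOL;

// Patched pattern: FILTER_SANITIZE_SPECIAL_CHARS encodes ' " < > & (and
// control characters) before storage, so the same view prints inert text.
$storedSanitized = readField($request, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
echo 'sanitized in, no escape out: ', renderCell($storedSanitized, false), PHP_EOL;

// Output escaping neutralises the raw value as well, without altering what
// is stored.
echo 'raw in, escape out:          ', renderCell($storedRaw, true), PHP_EOL;

// Caveat: combining both layers double-encodes, so users see entity text.
echo 'sanitized in, escape out:    ', renderCell($storedSanitized, true), PHP_EOL;
```

Encoding at input changes the stored data, so any other consumer of that field (exports, APIs, search) receives entities rather than the original text; escaping at output protects the view regardless of how the value was stored.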
