Miggo Logo
Miggo Vulnerability Database
CVE-2023-5227

CVE-2023-5227: phpMyFAQ allows unrestricted file types in image field

6.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2023-5227
GHSA ID
GHSA-qcjg-hvg6-hxcp
EPSS Score
0.53607%
CWE
CWE-434
Published
9/30/2023
Updated
11/6/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
thorsten/phpmyfaqcomposer< 3.1.183.1.18

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient file type validation in the image upload process. The patch added a new isValidMimeType() check and modified the upload() method, indicating the original implementation in upload() only performed basic image validation via getimagesize(). This function can be tricked by files with valid image headers but malicious content, making MIME type validation essential. The pre-patch upload() function's lack of proper content-type validation directly enabled the unrestricted file upload vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Unr*stri*t** Uplo** o* *il* wit* **n**rous Typ* in *it*u* r*pository t*orst*n/p*pmy**q prior to *.*.**.

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt *il* typ* v*li**tion in t** im*** uplo** pro**ss. T** p*t** ***** * n*w `isV*li*Mim*Typ*()` ****k *n* mo*i*i** t** `uplo**()` m*t*o*, in*i**tin* t** ori*in*l impl*m*nt*tion in `uplo**()` only p*r*orm** **si*