CVE-2024-54141

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.

Published: Dec 6, 2024
Updated: Aug 16, 2025
CVE: CVE-2024-54141
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpmyfaq / phpmyfaq	4.0.0-alpha	4.0.0-alpha.x

https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x

Vulnerability Database

CVE-2024-54141