216.73.217.86

CVE-2025-29930

· Published 18/03/2025 19:15 · Modified 18/03/2025 19:15

Labels: CVE-2025-29930 2025-03-18CVE-2025-29930CWE-73[email protected]

Essential information

Published
18/03/2025 19:15
Modified
18/03/2025 19:15
Author
Creator
CISA KEV
No
CWE

Description

imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php), the application could allow an attacker to read sensitive files on the server (Local File Inclusion, LFI). The $_GET['seoOp'] and $_GET['seoArg'] parameters are directly used without sanitization or validation. This is partly mitigated by the fact that the ImpressCMS sensitive files are stored outside the web root, in a folder with a randomized name. The issue has been resolved in imFaq 1.0.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
impresscms / imfaq cpe:2.3:a:impresscms:imfaq:*:*:*:*:*:*:*:*

References