|
Family: CGI abuses --> Category: attack
paFAQ Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in paFAQ
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple vulnerabilities.
Description :
The remote host is running paFAQ, a web-based FAQ system implemented
in PHP / MySQL.
The installed version of paFAQ on the remote host suffers from several
vulnerabilities. Among the more serious are a SQL injection
vulnerability that enables a possible hacker to bypass admin authentication
and a 'backup.php' script that allows attackers to download paFAQ's
database, complete with the administrator's password hash.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-02/0269.html
http://www.gulftech.org/?node=research&article_id=00083-06202005
http://archives.neohapsis.com/archives/bugtraq/2005-06/0155.html
Solution :
Remove the 'backup.php' script and enable PHP's 'magic_quotes_gpc'
setting.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|