Family: CGI abuses --> Category: attack
paFAQ Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in paFAQ
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that suffers from
The remote host is running paFAQ, a web-based FAQ system implemented
in PHP / MySQL.
The installed version of paFAQ on the remote host suffers from several
vulnerabilities. Among the more serious are a SQL injection
vulnerability that enables an attacker to bypass admin authentication
and a 'backup.php' script that allows attackers to download paFAQ's
database, complete with the administrator's password hash.
See also :
Remove the 'backup.php' script and enable PHP's 'magic_quotes_gpc'
High / CVSS Base Score : 7