Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

phpMyFAQ < 1.6.8 Multiple SQL Injection Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for SQL injection in phpMyFAQ

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
several SQL injection issues.

Description :

The version of phpMyFAQ on the remote host does not properly validate
input to the 'uin' parameter of several scripts before using it in
database queries. An unauthenticated remote attacker may be able to
leverage these issues to launch SQL injection attacks against the
affected application, even bypass authentication and upload arbitrary
files that can then be run on the affected host subject to the
rights of the web server user id.

See also :

Solution :

Upgrade to phpMyFAQ 1.6.8 or later.

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.