Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

phpMyFAQ action parameter arbitrary file disclosure vulnerability Vulnerability Scan


Vulnerability Scan Summary
Check the version of phpMyFAQ

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that permits information
disclosure of local files.

Description :

The version of phpMyFAQ on the remote host contains a flaw that may lead
to an unauthorized information disclosure. The problem is that user
input passed to the 'action' parameter is not properly verified before
being used to include files, which could allow an remote attacker to
view any accessible file on the system, resulting in a loss of
confidentiality.

See also :

http://security.e-matters.de/advisories/052004.html
http://www.phpmyfaq.de/advisory_2004-05-18.php

Solution :

Upgrade to phpMyFAQ 1.3.13 or newer.

Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.