|
|
Family: CGI abuses --> Category: attack
phpMyFAQ < 1.5.2 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpMyFAQ < 1.5.2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains several PHP scripts that are prone to a
variety of flaws, including remote code execution.
Description :
The remote host is running a version of phpMyFAQ that suffers from
arbitrary code execution (if the server is Windows-based), SQL
injection and cross-site scripting attacks, and information
disclosure.
See also :
http://retrogod.altervista.org/phpmyfuck151.html
http://www.phpmyfaq.de/advisory_2005-09-23.php
Solution :
Upgrade to phpMyFAQ 1.5.2 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
