| VID |
210044 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
phpMyFAQ versions prior to 1.6.10 contain a file upload vulnerability. phpMyFAQ is a freely available FAQ system that uses a MySQL database for Microsoft Windows operating systems. The affected versions could allow a remote attacker to upload malicious PHP files via the 'admin/attachment.php' and 'admin/editor/plugins/ImageManager/images.php' scripts. If register_globals is enabled, a remote attacker could exploit this vulnerability to upload arbitrary PHP files and execute arbitrary code on the host.
* References: http://www.phpmyfaq.de/advisory_2007-02-18.php http://secunia.com/advisories/24230/
* Platforms Affected: Thorsten Rinne, phpMyFAQ versions prior to 1.6.10; any operating system, any version |
| Recommendation |
Upgrade to the latest version of phpMyFAQ (1.6.10 or later), available from the phpMyFAQ download page at http://www.phpmyfaq.de/download.php |
| Related URL |
CVE-2007-1032 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
32573 (ISS) |
|