| VID |
21345 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the phpMyFAQ program installed on the Web server has an Image Manager authentication bypass vulnerability. phpMyFAQ is a freely available FAQ program that uses a MySQL database for Microsoft Windows operating systems. In phpMyFAQ version 1.4.0 and earlier, the Image Manager included for uploading images can be accessed by an anonymous attacker on the web without authorization, because the Image Manager plug-in is missing a user authentication check. A remote attacker could use this vulnerability to bypass authentication and upload or delete images on the Web.
* Note: This check relies solely on the version number of the remote phpMyFAQ program to assess this vulnerability, so the result might be a false positive.
* References: http://www.phpmyfaq.de/advisory_2004-07-27.php, http://www.osvdb.org/8240
* Platforms Affected: Thorsten Rinne, phpMyFAQ 1.4.0 and earlier; Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version (1.4.0a or later) of phpMyFAQ, available from the phpMyFAQ Download site at http://www.phpmyfaq.de/download.php |
| Related URL |
CVE-2004-2257 (CVE) |
| Related URL |
10813 (SecurityFocus) |
| Related URL |
16814 (ISS) |
|