| VID |
21346 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpMyFAQ program installed on the Web server, according to its version number, has a File Inclusion Vulnerability.
phpMyFAQ is a freely-available FAQ program that uses a MySQL database for Microsoft Windows operating systems. phpMyFAQ versions 1.3.12 and 1.4.0-alpha1 are vulnerable to a File Inclusion Vulnerability, caused by insufficient sanitization of user-supplied data via the 'action' parameter. By passing a relative path to a file and concatenating the path with a '\0' string terminator, a remote attacker could view any file on the system which is accessible and under some circumstances, result in arbitrary PHP code execution if the attacker is able to inject PHP code into known files.
* Note: This check solely relied on the version number of the remote phpMyFAQ program to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html
http://www.osvdb.org/displayvuln.php?osvdb_id=6300
* Platforms Affected:
Thorsten Rinne, phpMyFAQ 1.3.12 and earlier
Thorsten Rinne, phpMyFAQ 1.4.0-alpha1 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version (1.3.13 or later or 1.4.0 alpha2) of phpMyFAQ, available from the phpMyFAQ Download site at http://www.phpmyfaq.de/download.php |
| Related URL |
CVE-2004-2255 (CVE) |
| Related URL |
10374 (SecurityFocus) |
| Related URL |
16177 (ISS) |
|
