phpMyFAQ Unspecified Security Bypass Vulnerability
BID:21945
Info
phpMyFAQ Unspecified Security Bypass Vulnerability
| Bugtraq ID: | 21945 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2007 12:00AM |
| Updated: | Jan 09 2007 06:22PM |
| Credit: | Stefan Esser and Markus Kohlmeyer are credited with the discovery of this issue. |
| Vulnerable: |
phpMyFAQ phpMyFAQ 1.6.7 |
| Not Vulnerable: |
phpMyFAQ phpMyFAQ 1.6.8 |
Discussion
phpMyFAQ Unspecified Security Bypass Vulnerability
phpMyFAQ is prone to a security-bypass vulnerability.
A remote attacker can exploit this issue to gain unauthorized access to the application's file-upload facility. This may lead to other attacks.
This issue affects versions prior to 1.6.8.
phpMyFAQ is prone to a security-bypass vulnerability.
A remote attacker can exploit this issue to gain unauthorized access to the application's file-upload facility. This may lead to other attacks.
This issue affects versions prior to 1.6.8.
Exploit / POC
phpMyFAQ Unspecified Security Bypass Vulnerability
Attackers may exploit this issue using a browser.
Attackers may exploit this issue using a browser.
Solution / Fix
phpMyFAQ Unspecified Security Bypass Vulnerability
Solution:
The vendor has released version 1.6.8 to address this issue. Please see the references for more information.
phpMyFAQ phpMyFAQ 1.6.7
Solution:
The vendor has released version 1.6.8 to address this issue. Please see the references for more information.
phpMyFAQ phpMyFAQ 1.6.7
-
phpMyFAQ phpMyFAQ 1.6.8
http://www.phpmyfaq.de/getfaq.php?number=1.6.8&version=full&ext=.zip
References
phpMyFAQ Unspecified Security Bypass Vulnerability
References:
References:
- phpMyFAQ Homepage (phpMyFAQ)
- SQL injection and remote code execution vulnerabilities in phpMyFAQ 1.6.x (phpMyFAQ)