BID:53450

phpMyFAQ Default Password Security Bypass Vulnerability

Info

phpMyFAQ Default Password Security Bypass Vulnerability

Bugtraq ID:	53450
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	May 10 2012 12:00AM
Updated:	May 10 2012 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	phpMyFAQ phpMyFAQ 1.32

Not Vulnerable:	phpMyFAQ phpMyFAQ 1.3.3

Discussion

phpMyFAQ Default Password Security Bypass Vulnerability

phpMyFAQ is prone to a security-bypass vulnerability.

Successful attacks can allow an attacker to gain access to the affected application using the default authentication credentials.

Exploit / POC

phpMyFAQ Default Password Security Bypass Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

phpMyFAQ Default Password Security Bypass Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

phpMyFAQ Default Password Security Bypass Vulnerability

References:

phpMyFAQ Changelog since 2001 (phpMyFAQ)
phpMyFAQ Default Password (OSVDB)
phpMyFAQ Homepage (phpMyFAQ)