PT-2004-3150 · Phpmyfaq · Phpmyfaq
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-2255
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
phpMyFAQ version 1.3.12
Description:
The issue allows remote attackers to read arbitrary files and possibly execute local PHP files. This is achieved via the
action variable, which is used as part of a template filename.Recommendations:
For phpMyFAQ version 1.3.12, consider restricting access to the
action variable to minimize the risk of exploitation. As a temporary workaround, avoid using the action variable in template filenames until a patch is available.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpmyfaq