PT-2005-2960 · Pafaq · Pafaq

James Bercegay

Published

2005-06-20

Updated

2016-10-18

CVE-2005-2014

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions paFAQ version 1.0 Beta 4

Description The issue allows remote authenticated administrators to execute arbitrary PHP commands. This is achieved by uploading a malicious language pack through the "upload a language pack" feature.

Recommendations For paFAQ version 1.0 Beta 4, consider disabling the "upload a language pack" feature until a patch is available to prevent the execution of arbitrary PHP commands.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2014

Affected Products

Pafaq

PT-2005-2960 · Pafaq · Pafaq

CVE-2005-2014

Related Identifiers

Affected Products

References · 3