PT-2010-5538 · Phpmyfaq · Phpmyfaq
Published
2010-12-17
·
Updated
2010-12-20
·
CVE-2010-4558
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpMyFAQ versions 2.6.11 through 2.6.12
Description
The issue allows remote attackers to execute arbitrary PHP code due to an externally introduced modification in the getTopTen method in inc/Faq.php.
Recommendations
For versions 2.6.11 and 2.6.12, consider removing or replacing the modified getTopTen method in inc/Faq.php to prevent the execution of arbitrary PHP code.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpmyfaq