phpMyFAQ Lets Remote Users Access the Image Manager Without Authorization
|
|
SecurityTracker Alert ID: 1010795
|
|
SecurityTracker URL: http://securitytracker.com/id?1010795
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 28 2004
|
Impact: Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.4.0
|
Description: A vulnerability was reported in phpMyFAQ. A remote user can gain unauthorized access to the Image Manager.
The vendor reported that a remote user can directly access the 3rd party Image Manager and can delete or upload images.
|
Impact: A remote user can upload or delete images.
|
Solution: The vendor has released a fixed version (1.4.0a), available at:
http://www.phpmyfaq.de/download.php
|
Vendor URL: www.phpmyfaq.de/advisory_2004-07-27.php (Links to External Site)
|
Cause: Authentication error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 27 Jul 2004 23:21:41 -0400
Subject: http://www.phpmyfaq.de/advisory_2004-07-27.php
|
http://www.phpmyfaq.de/advisory_2004-07-27.php
> phpMyFAQ Security Advisory
> Vulnerability in phpMyFAQ version 1.4.0
> Risk:
> medium
A remote user can access the 3rd party Image Manager and can delete or upload images.
The vendor has released a fixed version (1.4.0a), available at:
http://www.phpmyfaq.de/download.php
|
|
