phpMyFaq ImageManager Plugin Missing User Authentication

phpMyFaq ImageManager Plugin Missing User Authentication

ITLE:
phpMyFaq ImageManager Plugin Missing User Authentication

SECUNIA ADVISORY ID:
SA12085

VERIFY ADVISORY:
http://secunia.com/advisories/12085/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
phpMyFAQ 1.x
http://secunia.com/product/3487/

DESCRIPTION:
A security issue has been discovered in phpMyFaq, which can be
exploited by malicious people to upload or delete arbitrary images.

The security issue is caused due to a missing user authentication
check in the ImageManager plugin, which allows anyone to access the
plugin’s functionality.

Only version 1.4.0 is affected.

SOLUTION:
Update to version 1.4.0a.
http://www.phpmyfaq.de/download.php

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.phpmyfaq.de/advisory_2004-07-27.php

Peeplo Engine

Un motore di ricerca nuovo, ricco e approfondito.

Inizia ora le tue ricerche su Peeplo.

Ultimi interventi

Vedi tutti