paFAQ Multiple Vulnerabilities

High

Synopsis

The remote web server contains scripts that are vulnerable to a SQL injection attack.

Description

The remote host is running paFAQ, a web-based 'Frequently Asked Questions' (FAQ) generator. This version of paFAQ is vulnerable to a SQL injection attack. An attacker exploiting this flaw would be able to read or modify data, or execute commands as the web server process. In addition, this version of paFAQ is vulnerable to a remote cross-site scripting (XSS) flaw, as well as a flaw in the backup.php script that would allow a remote attacker full access to the application database.

Solution

Upgrade or patch according to vendor recommendations.