FreeBSD : phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution (c6b9aee8-3071-11da-af18-000ae4641456)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

If magic quotes are off there's a SQL injection when sending a
forgotten password. It's possible to overwrite the admin password and
to take over the whole system. In some files in the admin section
there are some cross site scripting vulnerabilities. In the public
frontend it's possible to include arbitrary php files.

See also :

http://www.phpmyfaq.de/advisory_2005-09-23.php
http://www.nessus.org/u?1b8731b7

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.8
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21510 (freebsd_pkg_c6b9aee8307111daaf18000ae4641456.nasl)

Bugtraq ID: 14927
14928
14929
14930

CVE ID: CVE-2005-3046
CVE-2005-3047
CVE-2005-3048
CVE-2005-3049
CVE-2005-3050

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now