FreeBSD : phpmyfaq -- Remote PHP Code Injection Vulnerability (395e0faa-ffa7-11e0-8ac4-6c626dd55a41)

high Nessus Plugin ID 56657

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The phpMyFAQ project reports :

The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library allows injection of arbitrary PHP code via POST requests.

Solution

Update the affected package.

See Also

https://www.phpmyfaq.de/news/25

http://forum.phpmyfaq.de/viewtopic.php?f=3&t=13402

http://www.nessus.org/u?be77bd13

Plugin Details

Severity: High

ID: 56657

File Name: freebsd_pkg_395e0faaffa711e08ac46c626dd55a41.nasl

Version: 1.12

Type: local

Published: 10/27/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyfaq, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2011

Vulnerability Publication Date: 10/25/2011

Exploitable With

Elliot (phpMyFAQ 2.7.0 RCE)