FreeBSD : phpmyfaq -- arbitrary PHP code execution vulnerability (3b86583a-66a7-11e3-868f-0025905a4771)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyFAQ team reports :

Secunia noticed while analysing the advisory that authenticated users
with 'Right to add attachments' are able to exploit an already
publicly known issue in the bundled Ajax File Manager of phpMyFAQ
version 2.8.3, which leads to arbitrary PHP code execution for
authenticated users with the permission 'Right to add attachments'.

See also :

http://en.securitylab.ru/lab/PT-2013-41
http://www.phpmyfaq.de/advisory_2013-11-26.php
http://www.nessus.org/u?f6ad0431

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 71485 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now