FreeBSD : phpmyfaq -- cross-site request forgery vulnerability (f87a9376-0943-11e6-8fc4-00a0986f28c4)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyFAQ team reports :

The vulnerability exists because the application does not properly
verify the origin of HTTP requests in the 'Interface Translation'
functionality. A remote unauthenticated attacker can create a specially
crafted malicious web page with a CSRF exploit, trick a logged-in
administrator into visiting the page, spoof the HTTP request as if it
were coming from the legitimate user, and inject and execute arbitrary
PHP code on the target system with the privileges of the webserver.

See also :

http://www.phpmyfaq.de/security/advisory-2016-04-11
https://www.htbridge.com/advisory/HTB23300
http://www.nessus.org/u?97dbbaba

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90699

Bugtraq ID:

CVE ID:
