FreeBSD : phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution (c6b9aee8-3071-11da-af18-000ae4641456)
Medium Nessus Plugin ID 21510
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
If magic quotes are off, there is a SQL injection when sending a forgotten password. It is possible to overwrite the admin password and take over the whole system. Some files in the admin section contain cross-site scripting vulnerabilities. In the public frontend it is possible to include arbitrary PHP files.
Solution
Update the affected package.