FreeBSD : phpmyfaq -- Remote PHP Code Injection Vulnerability (395e0faa-ffa7-11e0-8ac4-6c626dd55a41)

High Nessus Plugin ID 56657


The remote FreeBSD host is missing a security-related update.


The phpMyFAQ project reports :

The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library allows injection of arbitrary PHP code via POST requests.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 56657

File Name: freebsd_pkg_395e0faaffa711e08ac46c626dd55a41.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2011/10/27

Modified: 2016/12/08

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyfaq, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/10/26

Vulnerability Publication Date: 2011/10/25

Exploitable With

Elliot (phpMyFAQ 2.7.0 RCE)