diff options
| author | vsevolod <vsevolod@FreeBSD.org> | 2005-09-29 06:54:43 +0800 |
|---|---|---|
| committer | vsevolod <vsevolod@FreeBSD.org> | 2005-09-29 06:54:43 +0800 |
| commit | 5732be54c57374fb742ab87d15dedb9888059f2a (patch) | |
| tree | deb3dc9dfcbc1152be6b14a8501cbc8e7d3010ec /security | |
| parent | b71f6d9bbf6ccfaa822e39dba7d48ea787f65e9c (diff) | |
| download | freebsd-ports-gnome-5732be54c57374fb742ab87d15dedb9888059f2a.tar.gz freebsd-ports-gnome-5732be54c57374fb742ab87d15dedb9888059f2a.tar.zst freebsd-ports-gnome-5732be54c57374fb742ab87d15dedb9888059f2a.zip | |
Document vulnerabilities in www/phpmyfaq
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 25228171993e..3216a4855ac6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -21506,4 +21506,29 @@ misc.c: <entry>2005-09-15</entry> </dates> </vuln> + + <vuln vid="c6b9aee8-3071-11da-af18-000ae4641456"> + <topic>phpMyFAQ -- SQL injection, takeover, path disclosure, remote code execution in phpMyFAQ 1.5.x</topic> + <affects> + <package> + <name>phpmyfaq</name> + <range><lt>1.5.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>If magic quotes are off there's a SQL injection when sending a forgotten password. + It's possible to overwrite the admin password and to take over the whole system. + In some files in the admin section there are some cross site scripting vulnerabilities. + In the public frontend it's possible to include arbitrary php files.</p> + </body> + </description> + <references> + <url>http://www.phpmyfaq.de/advisory_2005-09-23.php</url> + </references> + <dates> + <discovery>2005-09-23</discovery> + <entry>2005-09-29</entry> + </dates> + </vuln> </vuxml> |