FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution

Affected packages
phpmyfaq < 1.5.2

Details

VuXML ID c6b9aee8-3071-11da-af18-000ae4641456
Discovery 2005-09-23
Entry 2005-09-29

With magic_quotes_gpc disabled, the forgotten-password function is vulnerable to SQL injection; an attacker can use it to overwrite the administrator password and take over the whole installation. Several files in the admin section contain cross-site scripting vulnerabilities, and the public frontend allows arbitrary PHP files to be included.
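
The injection described above is the classic pattern of a handler that only works because PHP escapes request data for it: with magic_quotes_gpc=Off the escaping disappears and the query is attacker-controlled. The snippet below is an added illustration written for this entry, not phpMyFAQ's code; the table, column and parameter names, the `inc/` include directory and the `action` parameter are hypothetical, and it targets current PHP (mysqli with mysqlnd, password_hash, random_bytes). It shows the magic-quotes-dependent lookup beside a prepared-statement version, and an allowlist for the kind of request-driven include the frontend flaw exploits.

```php
<?php
// Added example (not phpMyFAQ code). Table/column/parameter names are hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// With magic_quotes_gpc=Off, a single quote in $email reaches the query
// unescaped. Input such as   x' OR username='admin   turns the lookup into
//   WHERE email='x' OR username='admin'
// and the reset is applied to the admin account instead of the requester's.
function vulnerableFindAccount(mysqli $db, string $email): ?array
{
    $sql = "SELECT id, username FROM users WHERE email='" . $email . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// --- Hardened pattern -----------------------------------------------------
// A prepared statement sends the value separately from the SQL text, so
// quotes in the input cannot change the query, whatever php.ini says.
function findAccount(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Reset flow: look up exactly one account by address, store a hash of a
// random password and (in a real handler) mail the cleartext to that address.
function resetPassword(mysqli $db, string $email): bool
{
    $account = findAccount($db, $email);
    if ($account === null) {
        return false; // unknown address: change nothing
    }
    $newPassword = bin2hex(random_bytes(12));
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    $stmt = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $id = (int) $account['id'];
    $stmt->bind_param('si', $hash, $id);
    $ok = $stmt->execute();
    $stmt->close();
    // mail($email, 'Your new password', $newPassword); // delivery omitted here
    return $ok;
}

// --- Include hardening ----------------------------------------------------
// The frontend flaw lets a request decide which PHP file gets included.
// Map the request value onto a fixed set of files instead of using it as a
// path; anything not in the map falls back to a safe default.
function resolveAction(string $action): string
{
    $allowed = [
        'show'   => __DIR__ . '/inc/show.php',   // hypothetical files
        'search' => __DIR__ . '/inc/search.php',
    ];
    return $allowed[$action] ?? $allowed['show'];
}

// Usage in a front controller:
//   $db = new mysqli('localhost', 'faq', 'secret', 'faq');
//   resetPassword($db, $_POST['email'] ?? '');
//   require resolveAction($_GET['action'] ?? 'show');
```

Enabling magic quotes only masks the injection shown in the first function and does nothing for the cross-site scripting or file-inclusion issues, so treat it as a stopgap at most; the fix for this entry is upgrading to phpMyFAQ 1.5.2 or later.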

References

Bugtraq ID 14927
Bugtraq ID 14928
Bugtraq ID 14929
Bugtraq ID 14930
CVE Name CVE-2005-3046
CVE Name CVE-2005-3047
CVE Name CVE-2005-3048
CVE Name CVE-2005-3049
CVE Name CVE-2005-3050
URL http://www.phpmyfaq.de/advisory_2005-09-23.php