FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- Remote PHP Code Injection Vulnerability

Affected packages
phpmyfaq < 2.6.19

Details

VuXML ID 395e0faa-ffa7-11e0-8ac4-6c626dd55a41
Discovery 2011-10-25
Entry 2011-10-26

The phpMyFAQ project reports:

The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library allows injection of arbitrary PHP code via POST requests.

[source]

References

URL http://forum.phpmyfaq.de/viewtopic.php?f=3&t=13402
URL http://www.phpmyfaq.de/advisory_2011-10-25.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.