Summary
The remote web server contains a PHP script that permits information disclosure of local files.
Description :
The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information disclosure. The problem is that user input passed to the 'action' parameter is not properly verified before being used to include files, which could allow an remote attacker to view any accessible file on the system, resulting in a loss of confidentiality.
Solution
Upgrade to phpMyFAQ 1.3.13 or newer.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2004-2255 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities