Summary
phpMyFAQ is prone to an unauthorized-access vulnerability due to a backdoor in certain versions of the application.
Successful exploits allow remote attackers to execute arbitrary PHP code in the context of the affected application.
phpMyFAQ 2.6.11 and 2.6.12 obtained between December 4, 1010, and December 15, 2010 are vulnerable.
Solution
Updates are available
please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-4558 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ALCASAR Remote Code Execution Vulnerability
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- Atmail Multiple Unspecified Security Vulnerabilities.
- AdPeeps 'index.php' Multiple Vulnerabilities.
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities