Description

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

Remediation

References

CVE-2004-2255

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5256)

WordPress Plugin CMP-Coming Soon & Maintenance by NiteoThemes Security Bypass (3.8.1)

WordPress Plugin WP Cost Estimation & Payment Forms Builder Multiple Vulnerabilities (9.642)

WordPress Plugin Get URL Cron Multiple Vulnerabilities (1.4.7)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

Medium

Classification

CVE-2004-2255

Tags

Missing Update Known Vulnerabilities