Description

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

Remediation

References

CVE-2004-2257

Related Vulnerabilities

WordPress Plugin Events Manager Multiple Vulnerabilities (5.9.7.3)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Unspecified Vulnerability (2.1.8)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35160)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4290)

WordPress Plugin WordPress Facebook SQL Injection (1.0.13)

Severity

Medium

Classification

CVE-2004-2257

Tags

Missing Update Known Vulnerabilities