Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2255

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2004-2255
Last Modified 05 Sep 2008 04:43:37
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2255

Summary

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

Vulnerable Systems

Application

  • Phpmyfaq 1.3.12


References

XF - phpmyfaq-file-include(16177)

BID - 10374

OSVDB - 6300

SECUNIA - 11640

CONFIRM - http://www.phpmyfaq.de/advisory_2004-05-18.php

SECTRACK - 1010190

FULLDISC - 20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability


Last Updated: 27 May 2016 10:39:24