Vulnerabilities > CVE-2004-2255 - Unspecified vulnerability in PHPmyfaq 1.3.12
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | PHPMYFAQ_ACTION_PARAMETER_FLAW.NASL |
| description | The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information disclosure. The problem is that user input passed to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14258 |
| published | 2004-08-11 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14258 |
| title | phpMyFAQ index.php action Parameter Local File Inclusion |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html
- http://secunia.com/advisories/11640
- http://securitytracker.com/id?1010190
- http://www.osvdb.org/6300
- http://www.phpmyfaq.de/advisory_2004-05-18.php
- http://www.securityfocus.com/bid/10374
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16177