A flaw in phpMyFAQ version 1.4.0 allows malicious users to upload or delete arbitrary images.
a95f22c88cf675223d49ae295c041d7cc10be88f9073b173b71766fd0da99725
phpMyFAQ Security Advisory
Vulnerability in phpMyFAQ version 1.4.0
Issued on: 2004-07-27
Software: phpMyFAQ version 1.4.0
Risk: medium
Platforms: all
The phpMyFAQ Team has learned of a security vulnerability in phpMyFAQ
version 1.4.0.
Description
phpMyFAQ includes a third-party Image Manager for uploading images. The
Image Manager can be accessed by anyone on the web without authorization.
Impact
Anyone who enters the location of the Image Manager can access it, and
can then upload images to your site or delete all images.
Solution
The phpMyFAQ Team has released a new phpMyFAQ version 1.4.0a, which
incorporates a fix for the vulnerability. All users of affected phpMyFAQ
versions are encouraged to upgrade to this latest version.
Workaround
There is no workaround except installing the patch.
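
To check whether the exposure described under Impact was used against an installation, and that the Image Manager stops answering outsiders after the upgrade, the following added example (not part of the advisory or of phpMyFAQ) scans access logs in Combined Log Format for successful Image Manager requests from hosts that are not known administrators. The Image Manager path is a placeholder because the advisory does not give it; the administrator address and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Placeholder: the advisory does not state the Image Manager's URL path.
IMAGE_MANAGER_PREFIX = "/PLACEHOLDER/image-manager/"
# Assumption: hosts from which administrators legitimately work.
ADMIN_HOSTS = {"192.0.2.10"}

# Combined Log Format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - admin [27/Jul/2004:10:00:00 +0000] "POST /PLACEHOLDER/image-manager/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Jul/2004:10:05:00 +0000] "GET /PLACEHOLDER/image-manager/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Jul/2004:10:05:30 +0000] "POST /PLACEHOLDER/image-manager/?x=1 HTTP/1.1" 200 128',
    '203.0.113.5 - - [27/Jul/2004:10:06:00 +0000] "GET /PLACEHOLDER/image-manager/ HTTP/1.1" 403 199',
    '203.0.113.9 - - [27/Jul/2004:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
]

def audit(lines, prefix=IMAGE_MANAGER_PREFIX, admins=ADMIN_HOSTS):
    """Count successful Image Manager requests per non-admin host."""
    hits = defaultdict(lambda: {"reads": 0, "writes": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        # Drop the query string and decode percent-escapes before matching.
        path = unquote(m["path"].split("?", 1)[0])
        if not path.startswith(prefix):
            continue
        if not m["status"].startswith("2"):
            continue  # refused or failed requests did not reach the tool
        if m["host"] in admins:
            continue
        # Anything other than GET/HEAD may have uploaded or deleted images.
        kind = "reads" if m["method"] in ("GET", "HEAD") else "writes"
        hits[m["host"]][kind] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, counts in audit(SAMPLE_LOG).items():
        print(host, counts)
```

Hosts reported with a non-zero `writes` count are the ones to review first, since those requests may correspond to uploads or deletions.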