phpMyFAQ Security Advisory


      Vulnerability in phpMyFAQ version 1.4.0

Issued on:
    2004-07-27
Software:
    phpMyFAQ version 1.4.0
Risk:
    medium
Platforms:
    all

The phpMyFAQ Team has learned of a security vulnerability in phpMyFAQ
version 1.4.0.


      Description

phpMyFAQ includes a third party Image Manager for uploading images. The
Image Manager can be accessed by anyone on the web without authorization.


      Impact

The Image Manager can be accessed by typing the location of the Image
Manager and this person can upload images on your page or delete all images.


      Solution

The phpMyFAQ Team has released a new phpMyFAQ version 1.4.0a, which
incorporate a fix for the vulnerability. All users of affected phpMyFAQ
versions are encouraged to upgrade to this latest version.


      Workaround

There is no workaround except installing the patch.