FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- arbitrary PHP code execution vulnerability

Affected packages
phpmyfaq < 2.8.4

Details

VuXML ID 3b86583a-66a7-11e3-868f-0025905a4771
Discovery 2013-11-26
Entry 2013-12-16
Modified 2013-12-17

The phpMyFAQ team reports:

Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for authenticated users with the permission "Right to add attachments".

References

URL http://en.securitylab.ru/lab/PT-2013-41
URL http://www.phpmyfaq.de/advisory_2013-11-26.php