
Test ID: 1.3.6.1.4.1.25623.1.0.14258
Category: Web application abuses
Title: phpMyFAQ action parameter arbitrary file disclosure vulnerability
Description:
Summary:
The remote web server contains a PHP script that permits information
disclosure of local files.

The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information
disclosure. The problem is that user input passed to the 'action' parameter is not properly verified before
being used to include files, which could allow a remote attacker to view any accessible file on the system,
resulting in a loss of confidentiality.

Solution:
Upgrade to phpMyFAQ 1.3.13 or newer.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-2255
BugTraq ID: 10374
http://www.securityfocus.com/bid/10374
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html
http://www.osvdb.org/6300
http://securitytracker.com/id?1010190
http://secunia.com/advisories/11640
XForce ISS Database: phpmyfaq-file-include(16177)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16177
Copyright: Copyright (C) 2004 David Maciejak





© 1998-2025 E-Soft Inc. All rights reserved.