FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- Remote PHP Code Injection Vulnerability

Affected packages
phpmyfaq < 2.6.19

Details

VuXML ID 395e0faa-ffa7-11e0-8ac4-6c626dd55a41
Discovery 2011-10-25
Entry 2011-10-26

The phpMyFAQ project reports:

The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library allows injection of arbitrary PHP code via POST requests.

References

URL http://forum.phpmyfaq.de/viewtopic.php?f=3&t=13402
URL http://www.phpmyfaq.de/advisory_2011-10-25.php