phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution

2005-09-23T00:00:00
ID C6B9AEE8-3071-11DA-AF18-000AE4641456
Type freebsd
Reporter FreeBSD
Modified 2005-09-23T00:00:00

Description

If magic quotes are off, there's a SQL injection when sending a forgotten password. It's possible to overwrite the admin password and to take over the whole system. In some files in the admin section there are some cross-site scripting vulnerabilities. In the public frontend it's possible to include arbitrary PHP files.