Security Advisory 2004-07-27

Vulnerability in phpMyFAQ version 1.4.0

The phpMyFAQ Team has learned of a security vulnerability in phpMyFAQ version 1.4.0.

phpMyFAQ includes a third party Image Manager for uploading images. The Image Manager can be

accessed by anyone on the web without authorization.

The Image Manager can be accessed by typing the location of the Image Manager and this person

can upload images on your page or delete all images.

The phpMyFAQ Team has released a new phpMyFAQ version 1.4.0a, which incorporate a fix for the

vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade to this latest

version.

There is no workaround except installing the patch.