AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 10:12:35 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5356 Members
Latest Member: Gagabaksik
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: phpMyFAQ XML-RPC for PHP Nested Tags Remote Code Execution 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: phpMyFAQ XML-RPC for PHP Nested Tags Remote Code Execution  (Read 756 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
phpMyFAQ XML-RPC for PHP Nested Tags Remote Code Execution
« on: August 17, 2005, 04:44:23 PM »
* Technical Description *

A vulnerability was identified in phpMyFAQ, which could be exploited by remote attackers to execute arbitrary code. This flaw is due to an input validation error in the XML-RPC library when processing, via an "eval()" call, certain XML tags nested in parsed documents, which could be exploited by remote attackers to execute arbitrary PHP commands. For additional information, see : FrSIRT/ADV-2005-1413

 * Affected Products *

phpMyFAQ version 1.4.10 and prior
phpMyFAQ version 1.5.0-RC6 and prior

 * Solution *

Upgrade to phpMyFAQ version 1.4.11 :
http://www.phpmyfaq.de/download.php

 * References *

http://www.frsirt.com/english/advisories/2005/1416
http://www.phpmyfaq.de/advisory_2005-08-15.php
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: phpMyFAQ XML-RPC for PHP Nested Tags Remote Code Execution « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!