phpMyFAQ log file user information disclosure

phpmyfaq-log-user-information-disclosure (22405) The risk level is classified as Low Risk

Description:

phpMyFAQ could disclose sensitive information. A remote attacker could send a specially-crafted URL requesting a log file for a specific date and view the user information from the log file for the date requested.
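Because the log files sit under the web document root with a predictable name (the CVE entry below names them as data/tracking[DATE]), the exposure shows up in the web server's own access log as plain GET requests for that path. The following detection script is an added example written for this entry; it is not code from phpMyFAQ or from the original advisory. It assumes an Apache-style combined log format, assumes the date suffix is all digits, and runs over a few constructed sample lines embedded in the script.

```python
import re

# Apache "combined" access-log line: client IP, timestamp, request line, status.
# Assumption: this is the log format the phpMyFAQ host writes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Direct request for a phpMyFAQ tracking file, e.g. /faq/data/tracking20050922.
# Assumption: the suffix after "tracking" is a numeric date, as the CVE text implies.
TRACKING_RE = re.compile(r'/data/tracking\d+(\?|$)')

# Constructed sample traffic (not real log data): one normal page view,
# one successful fetch of a tracking file, one probe that got a 404.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Sep/2005:10:01:02 +0000] "GET /faq/index.php?action=show&cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [22/Sep/2005:10:02:15 +0000] "GET /faq/data/tracking20050922 HTTP/1.1" 200 8831 "-" "curl/7.15"
198.51.100.2 - - [22/Sep/2005:10:03:40 +0000] "GET /faq/data/tracking20050921 HTTP/1.1" 404 312 "-" "Mozilla/5.0"
this line is not a valid access-log record
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_tracking_requests(log_text):
    """Return every request for a data/tracking* file.

    Each finding carries an 'exposed' flag: True when the server answered 200,
    meaning the log file (and the user information in it) was actually served;
    False for a probe that was denied or hit a missing file.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if TRACKING_RE.search(rec["path"]):
            rec["exposed"] = rec["status"] == 200
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_tracking_requests(SAMPLE_LOG):
        state = "EXPOSED" if f["exposed"] else "probe"
        print(f"{f['ts']} {f['ip']} {f['method']} {f['path']} -> {f['status']} ({state})")
```

A 200 response for a tracking path is evidence that the file was served and the date in the path tells you which day's user information was read; a 404 or 403 still records a probe worth noting. After upgrading per the Remedy, the same check confirms that further requests for those paths no longer return 200.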

Platforms Affected:

  • Thorsten Rinne, phpMyFAQ 1.5.1

Remedy:

Upgrade to the latest version of phpMyFAQ (1.5.2 or later), available from the phpMyFAQ Web site. See References.

Consequences:

Obtain Information

References:

  • phpMyFAQ Web site, phpMyFAQ: open source FAQ system for PHP and MySQL, PostgreSQL and other databases | Welcome at http://www.phpmyfaq.de/.
  • rgod's advisory: PhpMyFAQ 1.5.1, PhpMyFaq 1.5.1 SQL injection / board takeover / user info disclosure / path disclosure at http://seclists.org/lists/bugtraq/2005/Sep/0281.html.
  • BID-14930: PHPMyFAQ Logs Unauthorized Access Vulnerability
  • CVE-2005-3049: PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
  • OSVDB ID: 19670: phpMyFAQ Remote Log Access Information Disclosure
  • SA16933: phpMyFAQ Multiple Vulnerabilities
  • SECTRACK ID: 1014968: phpMyFAQ Input Validation Holes Permit SQL Injection, Cross-Site Scripting, and Remote Command Execution

Reported:

Sep 22, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
