Description

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

Remediation

References

CVE-2004-2257

Related Vulnerabilities

Apache Traffic Server HTTP Request Smuggling Vulnerability (CVE-2020-17509 )

WordPress Plugin Login with phone number Security Bypass (1.7.26)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10352)

WordPress Plugin Redirection HTTP Referrer Header HTML Injection (2.2.9)

WordPress Plugin Product Import Export for WooCommerce Cross-Site Request Forgery (1.7.4)

Severity

Medium

Classification

CVE-2004-2257

Tags

Missing Update Known Vulnerabilities