CVE-2004-2257

MEDIUM

phpMyFAQ 1.4.0 - Info Disclosure

Title source: llm

Description

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

References (6)

[Broken Link, Patch, Vendor Advisory] http://secunia.com/advisories/12085

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1010795

[Broken Link, Patch] http://www.osvdb.org/8240

[Product, Vendor Advisory] http://www.phpmyfaq.de/advisory_2004-07-27.php

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/10813

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16814

Scores

CVSS v3 5.3

EPSS 0.0133

EPSS Percentile 79.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-425

Status draft

Affected Products (1)

phpmyfaq/phpmyfaq

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026