Description
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
Exploits (1)
References (4)
Core References (4)
Exploit [exploit, x_refsource_exploit-db]: http://www.exploit-db.com/exploits/11111
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/55532
Exploit [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/37719
Exploit [x_refsource_misc]: http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt
Scores
EPSS: 0.0140
EPSS Percentile: 80.5%
Details
CWE: CWE-94
Status: published
Products (1): boesch-it/faqengine 4.24.00
Published: Apr 13, 2010
Tracked Since: Feb 18, 2026