Detections
Analytics

FreeBSD : phpmyfaq -- multiple vulnerabilities (3eccc968-ab17-11ed-bd9e-589cfc0f81b0)

high Nessus Plugin ID 171384

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3eccc968-ab17-11ed-bd9e-589cfc0f81b0 advisory.

 - phpmyfaq developers report: a bypass to flood admin with FAQ proposals stored XSS in questions stored HTML injections weak passwords (3eccc968-ab17-11ed-bd9e-589cfc0f81b0)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156/

https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c/

https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d/

https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61/

https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024/

https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f/

https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb/

https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f/

https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9/

https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5/

http://www.nessus.org/u?c22303ce

Plugin Details

Severity: High

ID: 171384

File Name: freebsd_pkg_3eccc968ab1711edbd9e589cfc0f81b0.nasl

Version: 1.0

Type: local

Published: 2/12/2023

Updated: 2/12/2023

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyfaq, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2/12/2023

Vulnerability Publication Date: 2/12/2023