We seriously take care about any security issues found in phpMyFAQ or bundled components. If you’ve discovered a security vulnerability in phpMyFAQ, we appreciate your help in disclosing it to us in a responsible manner.
Publicly disclosing a vulnerability can put the entire community at risk. If you’ve discovered a security concern, please email us at firstname.lastname@example.org. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. We consider correspondence sent to email@example.com our highest priority, and work to address any issues that arise as quickly as possible.
Please act in good faith towards our users’ privacy and data during your disclosure. We won’t take legal action against you or administrative action against your account if you act accordingly: White hat researchers are always appreciated.
Here you can find our advisories:
We want to say a big thank you to Stefan Esser from SektionEins GmbH and Christopher Kunz from the Hardened PHP team and to Johann-Peter Hartmann from Mayflower GmbH and Johannes Schlüter from the PHP Development team for auditing phpMyFAQ.
For further information and in case of questions, please contact the phpMyFAQ Team.