What is phpMyFAQ ?
Free Download
38 translationsphpMyFAQ Security Advisory
Memory leak vulnerability in phpMyFAQ 1.5.x / 1.6.x
- Issued on:
- 2006-04-21
- Software:
- phpMyFAQ <= 1.5.8 and phpMyFAQ <= 1.6.0 RC2
- Risk:
- Medium
- Platforms:
- all
The phpMyFAQ Team has learned about a vulnerability in PHP that can be exploited in phpMyFAQ 1.5.x and phpMyFAQ 1.6.x RCx.
Description
A binary safety issue in the PHP function html_entity_decode() can leak memory content.
Solution
The phpMyFAQ Team has released the new phpMyFAQ versions 1.5.9 and phpMyFAQ 1.6.0 which fix these vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
If it's possible you should upgrade your PHP version to 4.4.3 or 5.1.3 which also fixes the problem.
Credits
The phpMyFAQ Team would like to thank Tõnu Samuel for discovering this vulnerability.