phpMyFAQ homepage - open source FAQ software | Security Advisory 2011-09-28

phpMyFAQ Security Advisory

Information disclosure vulnerability

Issued on:: 2011-09-28
Software:: phpMyFAQ <= 2.6.17
Risk:: Medium
Platforms:: all

The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.6.

Description

phpMyFAQ 2.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, e.g. by lang/language_uk.php and certain other files.

Solution

The phpMyFAQ Team has released a new phpMyFAQ version 2.6.18 which fixes these vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 2.6.18.

Credits

Please check CVE-2011-3783 for further informations.

Free Download

Resources

Follow @phpMyFAQ

40+ Translations

Arabic, Basque, Bengali, Brazilian Portuguese, Chinese (Simplified), Chinese (Traditional), Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Malay, Norwegian (Bokmål), Persian (Farsi), Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese, Welsh