Remote PHP Code Injection Vulnerability in phpMyFAQ 2.6.18 and 2.7.0
- Issued on:
- phpMyFAQ <= 2.6.18 and phpMyFAQ <= 2.7.0
The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7.
The bundled ImageManager library allows injection of arbitrary PHP code via POST requests.
The phpMyFAQ Team has released a new phpMyFAQ version 2.6.19 and 2.7.1, which incorporates a fixed bundled ImageManager library. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 2.6.19 and phpMyFAQ 2.7.1.
The phpMyFAQ Team would like to thank EgiX for discovering this vulnerability.