The phpMyFAQ Team has learned of a security vulnerability in phpMyFAQ version 1.4.0.
phpMyFAQ includes a third party Image Manager for uploading images. The Image Manager can be accessed by anyone on the web without authorization.
The Image Manager can be accessed by typing the location of the Image Manager and this person can upload images on your page or delete all images.
The phpMyFAQ Team has released a new phpMyFAQ version 1.4.0a, which incorporate a fix for the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade to this latest version.
There is no workaround except installing the patch.