The phpMyFAQ Team has learned about some vulnerabilities in the code that could be exploited in phpMyFAQ 1.6.x.
One of the vulnerabilities makes it possible to gain the privilege to upload files to the server. Currently no public exploit is available, but two users have already reported to us that they were hacked and that the r57shell script was installed on their systems.
The phpMyFAQ Team has released phpMyFAQ version 1.6.8, which fixes these vulnerabilities. All users of the affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.
At the time of this advisory there's no workaround except installing phpMyFAQ 1.6.8.
The phpMyFAQ Team would like to thank Markus Kohlmeyer for reporting to us how his system was hacked, and Stefan Esser for discovering all the other vulnerabilities.