phpMyFAQ Security Advisory

Remote code execution vulnerability in phpMyFAQ 1.6.x

Issued on:
2007-02-18
Software:
phpMyFAQ <= 1.6.9
Risk:
High
Platforms:
all

The phpMyFAQ Team has learned about a vulnerability in the code that could be exploited in phpMyFAQ 1.6.x.

Description

Through the vulnerability it is possible to gain the privilege for uploading files on the server when register_globals is activated: currently no public exploit is available but some users already reported us to be hacked and the r57shell script has been installed on their systems.

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 1.6.10 which fixes the vulnerability. All users of the affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

If it's possible for you set register_globals to off in your php.ini configuration settings.

Credits

The phpMyFAQ Team would like to thank François Maillet and Enrico Fischer (Powerserver-Germany webHosting & DomainServices) for reporting the vulnerability, and Johannes Schlüter for discovering and fixing the issue.