phpMyFAQ Security Advisory

phpmyfaq.de compromised

Issued on:
2010-12-15
Software:
phpMyFAQ > 2.6.10
Risk:
Critical
Platforms:
all

The main server of the phpMyFAQ Project was compromised in an attack, allowing a rogue version of the phpMyfAQ software to be uploaded and distributed from december 4th until december 15th. The affected versions were phpMyFAQ 2.6.11 and 2.6.12, both zip and tar.gz package. The attacker also changed the MD5 files.

Description

The attacker added a backdoor into the file inc/Faq.php in the method getTopTen(). The code was base64 encoded and first sent an e-mail to a GMail address and added an entry in the faqconfig table. With this entry, a backdoor was opened to include to include arbitrary PHP code.

Solution

The phpMyFAQ Team will release a new clean phpMyFAQ version 2.6.13. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

If you use phpMyFAQ 2.6.11 or phpMyFAQ 2.6.12 downloaded after december 4th or before december 15th you should change the file inc/Faq.php as soon as possible.