Remote PHP Code Execution Vulnerability in phpMyFAQ 2.7.4 and earlier
- Issued on:
- phpMyFAQ <= 2.7.4
The phpMyFAQ Team has learned of a serious security issue discovered in the bundled ImageManager library used in phpMyFAQ 2.7.
The bundled ImageManager library allows the injection and execution of arbitrary PHP code, as well as the upload of malware and trojan horses.
The phpMyFAQ Team has released a new phpMyFAQ version, 2.7.5, which bundles a fixed ImageManager library. All users of affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.
There's no workaround except installing phpMyFAQ 2.7.5.
The phpMyFAQ Team would like to thank EgiX for discovering this vulnerability.