Security Advisory 2006-04-21

Memory leak vulnerability in phpMyFAQ 1.5.x / 1.6.x

Issued on: 2006-04-21
Software: phpMyFAQ <= 1.5.8 and phpMyFAQ <= 1.6.0 RC2
Risk: Medium
Platforms: all

The phpMyFAQ Team has learned about a vulnerability in PHP that can be exploited in phpMyFAQ 1.5.x and phpMyFAQ 1.6.x RC2.

Description

A binary safety issue in the PHP function html_entity_decode() can leak memory content.

Solution

The phpMyFAQ Team has released the new versions phpMyFAQ 1.5.9 and phpMyFAQ 1.6.0, which fix this vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade to the latest version as soon as possible.

Workaround

If possible, you should upgrade your PHP version to 4.4.3 or 5.1.3, which also fixes the problem.

Credits

The phpMyFAQ Team would like to thank Tõnu Samuel for discovering this vulnerability.
