Security Advisory 2006-04-21
Memory leak vulnerability in phpMyFAQ 1.5.x / 1.6.x
- Issued on: 2006-04-21
- Software: phpMyFAQ <= 1.5.8 and phpMyFAQ <= 1.6.0 RC2
- Risk: Medium
- Platforms: all
The phpMyFAQ Team has learned about a vulnerability in PHP that can be exploited in phpMyFAQ
1.5.x and phpMyFAQ 1.6.x RC2.
Description
A binary safety issue in the PHP function html_entity_decode() can leak memory content.
Solution
The phpMyFAQ Team has released the new phpMyFAQ versions 1.5.9 and 1.6.0, which fix
this vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade to the
latest version as soon as possible.
Workaround
If possible, you should upgrade your PHP version to 4.4.3 or 5.1.3, which also fixes the
problem.
Credits
The phpMyFAQ Team would like to thank Tõnu Samuel for discovering this vulnerability.