Security Advisory 2006-12-15

SQL injection and remote code execution vulnerabilities in phpMyFAQ 1.6.x

Issued on:
2006-12-15
Software:
phpMyFAQ <= 1.6.7
Risk:
High
Platforms:
all

The phpMyFAQ Team has learned of several vulnerabilities in the phpMyFAQ 1.6.x code that can be exploited against installations of that branch.

Description

One of the vulnerabilities allows an attacker to gain the privilege to upload files to the server. No public exploit is available at the time of writing, but two users have already reported to us that their systems were compromised and that the r57shell PHP web shell had been installed on them.
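Two checks an administrator would want after reading the paragraph above, written as an added example for this advisory (not phpMyFAQ project code): a version test against the affected range the advisory gives (<= 1.6.7, fixed in 1.6.8), and a scan of the web root for PHP files that carry web-shell indicators. The advisory only states that r57shell was found on compromised hosts; the marker patterns, the PHP extension list and the names of the upload directories below are this example's own assumptions, not signatures published by the phpMyFAQ Team. The sample web-root tree the example scans is constructed in a temporary directory.

```python
"""Added example, not phpMyFAQ project code: post-advisory checks for a 1.6.x install.

1. is_affected(version): is the installed version in the advisory's affected
   range (<= 1.6.7, with 1.6.8 as the fixed release)?
2. scan_webroot(root): report PHP files that look like planted web shells or
   that sit in directories which should only hold uploads.
All marker patterns and directory names are assumptions made for this example.
"""
import os
import re
import tempfile

FIXED_VERSION = (1, 6, 8)  # per the advisory: 1.6.8 fixes the vulnerabilities

# Heuristic indicators (assumed for this example, not official IOCs).
SHELL_MARKERS = {
    # the advisory names r57shell but publishes no signature; the tool names
    # itself in its source, so the bare name is used here as a marker
    "r57shell-name": re.compile(r"r57shell", re.I),
    # obfuscated-eval idiom shared by many PHP web shells
    "eval-decode": re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    # command execution fed straight from a request parameter
    "exec-from-request": re.compile(
        r"\b(?:system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b",
        re.I),
}

# Directories that should only ever hold uploaded data, never executable PHP
# (assumed names; adjust to the installation being checked).
UPLOAD_DIRS = ("attachments", "images")
PHP_EXTENSIONS = (".php", ".php3", ".php4", ".php5", ".phtml", ".inc")


def parse_version(version):
    """'1.6.7' -> (1, 6, 7). Only dotted integers are accepted."""
    cleaned = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", cleaned):
        raise ValueError("unparseable version string: %r" % version)
    parts = tuple(int(p) for p in cleaned.split("."))
    return (parts + (0, 0, 0))[:3]


def is_affected(version):
    """True if the installed version predates the fixed release 1.6.8."""
    return parse_version(version) < FIXED_VERSION


def scan_webroot(root):
    """Walk `root`; return sorted (relative_path, reason) pairs for suspicious PHP files."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # any PHP file inside an upload-only directory is suspicious by location alone
            if rel.split("/", 1)[0] in UPLOAD_DIRS:
                findings.append((rel, "php-in-upload-dir"))
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            for label, pattern in SHELL_MARKERS.items():
                if pattern.search(text):
                    findings.append((rel, "marker:" + label))
    return sorted(findings)


def make_sample_webroot():
    """Build a constructed phpMyFAQ-like tree in a temp dir (sample data, not a real install)."""
    root = tempfile.mkdtemp(prefix="pmf-scan-")
    files = {
        "index.php": "<?php\n// clean application entry point\necho 'phpMyFAQ';\n",
        "inc/data.php": "<?php\n$DB['server'] = 'localhost';\n",
        "attachments/readme.txt": "uploads live here\n",
        # constructed files imitating what a planted shell looks like
        "attachments/r57.php": "<?php\n// r57shell\neval(base64_decode($_POST['c']));\n",
        "attachments/img.php": "<?php\nsystem($_GET['cmd']);\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for v in ("1.6.7", "1.6.8"):
        print(v, "affected" if is_affected(v) else "fixed")
    for rel, reason in scan_webroot(make_sample_webroot()):
        print(reason, rel)
```

Run it against the real document root with `scan_webroot("/var/www/phpmyfaq")` (path assumed) and treat every hit in an upload directory as a file to quarantine and compare against a known-good copy; a clean scan does not prove the host is clean, since a planted shell need not match any of these heuristics.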

Solution

The phpMyFAQ Team has released phpMyFAQ 1.6.8, which fixes these vulnerabilities. All users of the affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.

Workaround

At the time of this advisory there is no workaround other than upgrading to phpMyFAQ 1.6.8.

Credits

The phpMyFAQ Team would like to thank Markus Kohlmeyer for reporting to us how his system was compromised, and Stefan Esser for discovering all the other vulnerabilities.
