Security Advisory 2007-02-18

Remote code execution vulnerability in phpMyFAQ 1.6.x

Issued on:

2007-02-18

Software:

phpMyFAQ <= 1.6.9

Risk:

High

Platforms:

all

The phpMyFAQ Team has learned about a vulnerability in the code that could be exploited in

phpMyFAQ 1.6.x.

Description

Through the vulnerability it is possible to gain the privilege for uploading files on the server

when register_globals is activated: currently no public exploit is available but some users

already reported us to be hacked and the r57shell script has been installed on

their systems.

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 1.6.10 which fixes the vulnerability.

All users of the affected phpMyFAQ versions are encouraged to upgrade as soon as possible to

this latest version.

Workaround

If it's possible for you set register_globals to off in your php.ini configuration settings.

Credits

The phpMyFAQ Team would like to thank François Maillet and Enrico Fischer (Powerserver-Germany

webHosting & DomainServices) for reporting the vulnerability, and Johannes Schlüter for

discovering and fixing the issue.