Security Advisory 2013-11-18
Permission vulnerability
- Issued on:
- 2013-11-18
- Software:
- phpMyFAQ <= 2.8.2
- Risk:
- Medium
- Platforms:
- all
The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ
2.8.x.
Description
phpMyFAQ 2.8.x allows logged in users without any proper permissions the usage of the
bundled Image Manager.
Solution
The phpMyFAQ Team has released a new phpMyFAQ version 2.8.3 which fixes thie vulnerability.
All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to
this latest version.
Workaround
There's no workaround except installing phpMyFAQ 2.8.3.
Credits
http://pastebin.com/tmYXh6XM for further information.