Security Advisory 2014-11-30
Clickjacking vulnerability in phpMyFAQ 2.8
- Issued on: 2014-11-30
- Software: phpMyFAQ <= 2.8.17
- Risk: High
- Platforms: all
The phpMyFAQ Team has learned of a clickjacking issue that has been discovered in phpMyFAQ
2.8.17 and earlier.
Description
phpMyFAQ 2.8.17 and earlier are vulnerable to clickjacking on all pages: it is possible to
load phpMyFAQ in an iframe, which can trick a user into performing undesired actions by
clicking on a concealed link.
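Whether a page can be loaded in an iframe is visible in its response headers: browsers refuse cross-origin framing when the response carries X-Frame-Options DENY or SAMEORIGIN, or a Content-Security-Policy frame-ancestors directive. The check below is an added example, not phpMyFAQ code. The advisory does not say which mechanism 2.8.18 uses, and the function names and sample headers are constructed for illustration.

```python
# Added example: classify a response's anti-framing headers (stdlib only).
RANK = ["frameable", "allow-list", "same-origin", "blocked"]  # weakest -> strictest

def header_values(headers, name):
    """All comma-separated values of a header; names match case-insensitively."""
    return [part.strip() for key, value in headers if key.lower() == name
            for part in value.split(",") if part.strip()]

def csp_verdicts(headers):
    """One verdict per enforced CSP policy that carries frame-ancestors."""
    verdicts = []
    for policy in header_values(headers, "content-security-policy"):
        for directive in policy.split(";"):
            tokens = directive.split()
            if not tokens or tokens[0].lower() != "frame-ancestors":
                continue
            sources = [t.lower() for t in tokens[1:]]
            if sources in ([], ["'none'"]):       # an empty list matches nothing
                verdicts.append("blocked")
            elif sources == ["'self'"]:
                verdicts.append("same-origin")
            elif any(s == "*" or s.endswith(":") for s in sources):
                verdicts.append("frameable")      # wildcard or bare scheme
            else:
                verdicts.append("allow-list")
            break                                 # first occurrence in a policy wins
    return verdicts

def framing_verdict(headers):
    """Return 'blocked', 'same-origin', 'allow-list' or 'frameable'."""
    verdicts = csp_verdicts(headers)
    if verdicts:  # browsers ignore X-Frame-Options when frame-ancestors is set
        return max(verdicts, key=RANK.index)
    xfo = {v.lower() for v in header_values(headers, "x-frame-options")}
    # Missing, ALLOW-FROM (obsolete) or conflicting values count as unprotected.
    if len(xfo) != 1:
        return "frameable"
    return {"deny": "blocked", "sameorigin": "same-origin"}.get(xfo.pop(), "frameable")

# Constructed sample responses (not captured from a real phpMyFAQ install).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "csp self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard overrides xfo": [("X-Frame-Options", "DENY"), ("Content-Security-Policy", "frame-ancestors *")],
}
```

Feed it the header list of any response, for example from a saved `curl -sI` capture of the FAQ start page and the admin login page.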
Solution
The phpMyFAQ Team has released phpMyFAQ version 2.8.18 which fixes the vulnerability. All
users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this
latest version.
Workaround
There's no workaround except installing phpMyFAQ 2.8.18.
Thanks
The phpMyFAQ Team would like to thank
Narendra Bhati for the responsible disclosure of this vulnerability.