Security Advisory 2017-01-27

Execution of arbitrary PHP code in phpMyFAQ version 2.9

Issued on:
2017-01-27
Software:
phpMyFAQ version <= 2.9.5
Risk:
critical
Platforms:
all

The phpMyFAQ Team has learned of a serious security issue in the file upload functionality of phpMyFAQ 2.9.

Description

The vulnerability is caused by a missing CSRF check and a missing file type check in the upload handler. Together they can be exploited to upload a file containing PHP code and have it executed on the server.
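The following is an added, illustrative PHP example and not phpMyFAQ's own upload code. It places a handler with the two checks the advisory names missing beside a hardened variant that adds them: a per-session CSRF token compared in constant time, an extension allowlist plus content sniffing, and a random server-chosen filename stored outside the web root. The field names (attachment, csrf_token), the storage path and the allowlist are assumptions.

```php
<?php
// Illustrative upload handler, not phpMyFAQ's own code. Field names, paths
// and the allowlist are assumptions made for this example.

session_start();

const UPLOAD_DIR = __DIR__ . '/../uploads';   // assumed: a directory outside the web root
const ALLOWED    = [                           // assumed allowlist: extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

// VULNERABLE: no CSRF token, and the client-supplied name (and so the
// extension) is used as-is inside a web-served directory. A form on an
// attacker's site can make a logged-in user submit "shell.php", which the
// web server then executes as PHP.
function vulnerable_upload(array $file, string $webDir): string
{
    $dest = $webDir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Token issued when the upload form is rendered; the form posts it back.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// HARDENED: require the session's CSRF token, allow only known extensions,
// verify the real content type, and never reuse the client's filename.
function hardened_upload(array $file, string $postedToken): string
{
    // 1. CSRF: the posted token must match the one bound to this session.
    if (empty($_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $postedToken)) {
        throw new RuntimeException('CSRF token missing or invalid');
    }

    // 2. Transport sanity: reject failed or non-upload temp files.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // 3. File type: allowlist the final extension, then sniff the bytes.
    //    "shell.php" fails the allowlist; a PHP script renamed "shell.png"
    //    fails the content check because finfo does not report image/png.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // 4. Server-chosen random name with the vetted extension, stored outside
    //    the web root so nothing uploaded can be requested and executed directly.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $dest;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['attachment'])) {
    try {
        $stored = hardened_upload($_FILES['attachment'], $_POST['csrf_token'] ?? '');
        echo 'Stored as ' . htmlspecialchars(basename($stored));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

The extension check and the content check are deliberately both present: the allowlist stops a plain ".php" upload, while the finfo check stops a PHP payload hidden behind an allowed extension. Storing under a random name outside the web root means that even a file which passes both checks is served, if at all, through application code rather than executed by the web server.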

Impact

This issue can lead to remote code execution on the server hosting phpMyFAQ.

Solution

The phpMyFAQ Team has released phpMyFAQ version 2.9.6, which fixes the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.

Workaround

There's no workaround except installing phpMyFAQ 2.9.6.

Credits

The phpMyFAQ Team would like to thank Clifford Trigo from Invalid Web Security for the responsible disclosure of this vulnerability.
