Security Advisory 2017-01-27
Execution of arbitrary PHP code in phpMyFAQ version 2.9
- Issued on:
- 2017-01-27
- Software:
- phpMyFAQ version <= 2.9.5
- Risk:
- critical
- Platforms:
- all
The phpMyFAQ Team has learned of a serious security issue that has been discovered in our
file upload functionality in phpMyFAQ 2.9.
Description
The vulnerability is caused due to missing CSRF and file type check, which can be exploited to execute
arbitrary PHP code.
Impact
This issue allows for possible remote code execution.
Solution
The phpMyFAQ Team has released the new phpMyFAQ versions 2.9.6 which fix the vulnerability. All users
of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
There's no workaround except installing phpMyFAQ 2.9.6.
Credits
The phpMyFAQ teams would like to thank Clifford Trigo from
Invalid Web Security for theresponsible disclosure of this vulnerability.