Security Advisory 2017-10-19

XSS, CSRF and SQL injection in phpMyFAQ

Issued on:

2017-10-19

Software:

phpMyFAQ <= 2.9.8

Risk:

Medium

Platforms:

all

The phpMyFAQ Team has learned of some security issues that have been discovered in phpMyFAQ 2.9.8 and earlier. phpMyFAQ contains cross-site request forgery, cross-site scripting and SQL injection vulnerabilities.

Description

phpMyFAQ does not implement sufficient checks to avoid XSS, CSRF and SQL injection. For the XSS and CSRF vulnerabilities you need administrator privileges to be executed.

Solution

The phpMyFAQ Team has released the new phpMyFAQ versions 2.9.9 which fix the vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 2.9.9.

References

• CVE-2017-14618 (reported by Ishaq Mohammed)
• CVE-2017-14619 (reported by Ishaq Mohammed)
• CVE-2017-15727 (reported by Nikhil Mittal)
• CVE-2017-15728 (reported by Nikhil Mittal)
• CVE-2017-15729 (reported by Nikhil Mittal)
• CVE-2017-15730 (reported by Nikhil Mittal)
• CVE-2017-15731 (reported by Nikhil Mittal)
• CVE-2017-15732 (reported by Nikhil Mittal)
• CVE-2017-15733 (reported by Nikhil Mittal)
• CVE-2017-15734 (reported by Nikhil Mittal)
• CVE-2017-15735 (reported by Nikhil Mittal)
• CVE-2017-15808 (reported by Chirag Solanki)
• CVE-2017-15809 (reported by Chirag Solanki)

Thanks

The phpMyFAQ teams would like to thank Ishaq Mohammed, Nikhil Mittal and Chirag Solanki. We also like to thank Li Ke and Zhou Junyu from Tencent's Xuanwu Lab. for the responsible disclosure of these vulnerabilities.

Back to the security advisories overview