The phpMyFAQ Team has learned of some security issues that have been discovered in phpMyFAQ 3.0.9 and earlier. phpMyFAQ contains multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities.
phpMyFAQ does not implement sufficient checks to avoid
The phpMyFAQ Team has released the new phpMyFAQ version 3.0.10 which fix the vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 3.0.10.
The phpMyFAQ teams would like to thank 0x7zed, M0rphling, justinp09010 and Dennis Yassine for the responsible disclosure of these vulnerabilities.