The phpMyFAQ Team has learned of a multiple security issues that have been discovered in phpMyFAQ 3.1.7 and earlier. phpMyFAQ contains a pre-auth SQL injection and cross-site scripting vulnerabilities.
phpMyFAQ does not implement sufficient checks to avoid
The phpMyFAQ Team has released the new phpMyFAQ version 3.1.8 which fixes these vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 3.1.8.
The phpMyFAQ team would like to thank Hoang Van Hiep and Max Garrett from Assetnote for the responsible disclosure of this vulnerability.