Security Advisory 2022-10-24

CSRF vulnerability in phpMyFAQ

Issued on:

2022-10-24

Software:

phpMyFAQ <= 3.1.7

Risk:

Medium

Platforms:

all

The phpMyFAQ Team has learned of a multiple security issues that have been discovered in phpMyFAQ 3.1.7 and

earlier. phpMyFAQ contains a pre-auth SQL injection and cross-site scripting vulnerabilities.

Description

phpMyFAQ does not implement sufficient checks to avoid

• a pre-auth SQL injection in then saving user comments
• a reflected cross-site scripting vulnerability in the search
• a stored cross-site scripting vulnerability in the meta data administration
• a weak password requirement

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 3.1.8 which fixes these vulnerabilities. All

users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.1.8.

References

• XSS (Found by Hoang Van Hiep)
• XSS (Found by Hoang Van Hiep)
• Weak password requirement (Found by Hoang Van Hiep)
• pre-auth SQL injection (Found by Max Garrett)

Thanks

The phpMyFAQ team would like to thank Hoang Van Hiep and Max Garrett from Assetnote for the responsible disclosure of this vulnerability.