Multiple vulnerabilities in phpMyFAQ
- Issued on:
- 2022-12-11
- Software:
- phpMyFAQ <= 3.1.8
- Risk:
- High
- Platforms:
- all
The phpMyFAQ Team has learned of a multiple security issues that have been discovered in phpMyFAQ 3.1.8 and earlier. phpMyFAQ contains cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection vulnerabilities.
Description
phpMyFAQ does not implement sufficient checks to avoid
- an authenticated SQL injection when adding categories in the admin backend
- a stored cross-site scripting vulnerability in the category name
- a stored cross-site scripting vulnerability in the admin logging
- a stored cross-site scripting vulnerability in the FAQ title
- a PostgreSQL based SQL injection for the lang parameter
- a SQL injection when storing an instance name in the admin backend
- a SQL injection when adding attachments in the admin backend
- a stored cross-site scripting vulnerability when adding users by admins
- a missing "secure" flag for cookies when using TLS
- a cross-site request forgery / cross-site scripting vulnerability when saving new questions
- a reflected cross-site scripting vulnerability in the admin backend
>
Solution
The phpMyFAQ Team has released the new phpMyFAQ version 3.1.9 which fixes these vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
There's no workaround except installing phpMyFAQ 3.1.9.
References
Thanks
The phpMyFAQ team would like to thank xanhacks, Ugnius, Abdelrhman Allam, Kiran PP and AggressiveUser for the responsible disclosure of this vulnerability.
Back to the security advisories overview