Security Advisory 2023-01-15

Multiple vulnerabilities in phpMyFAQ

Issued on:

2023-01-15

Software:

phpMyFAQ <= 3.1.9

Risk:

High

Platforms:

all

The phpMyFAQ Team has learned of a multiple security issues that have been discovered in phpMyFAQ 3.1.9 and

earlier. phpMyFAQ contains cross-site scripting (XSS) vulnerabilities and a weak password check.

Description

phpMyFAQ does not implement sufficient checks to avoid

• a stored XSS in "Add new question"
• a stored XSS in admin user page
• a stored XSS in FAQ comments
• a blind stored XSS in admin open question page
• a reflected XSS in the admin backend login
• stored XSS on user, category, FAQ, news and configuration admin backend
• weak passwords

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 3.1.10 which fixes these vulnerabilities. All

users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.1.10.

References

• XSS

• Weak password

• XSS

• XSS

• XSS

• XSS

• Captcha bypass

• XSS

• XSS

Thanks

The phpMyFAQ team would like to thank @leminv, @uonghoangminhchau, Mohamed Abdelhady, AggressiveUser and

@baharuddinzulkifli for the responsible disclosure of this vulnerability.