Security Advisory 2023-04-23

Multiple vulnerabilities in phpMyFAQ

Issued on:
2023-04-23
Software:
phpMyFAQ <= 3.1.12
Risk:
Medium
Platforms:
all

The phpMyFAQ Team has learned of multiple security issues that have been discovered in phpMyFAQ 3.1.12 and earlier. phpMyFAQ contains cross-site scripting (XSS) and an email address manipulation vulnerability.

Description

phpMyFAQ does not implement sufficient checks to avoid

  • XSS
  • email address manipulation

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 3.1.13 which fixes these vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.1.13.

References

Thanks

The phpMyFAQ team would like to thank Dan Barros, Asura-N, and Aziz Hakim for the responsible disclosure of this vulnerabilities.

Back to the security advisories overview