Security Advisory 2024-12-06
Information disclosure vulnerability in phpMyFAQ
- Issued on:
- 2024-12-06
- Software:
- phpMyFAQ <= 4.0.0-RC.5
- Risk:
- High
- Platforms:
- all
The phpMyFAQ Team has learned of a security issues that'd been discovered in phpMyFAQ 4.0.0-RC.5 and
earlier. An information disclosure vulnerability has been discovered in the phpMyFAQ application.
This vulnerability reveals the database username and password if the database is not available.
Description
If the database is not available, the database username and password are shown in the error message.
Solution
The phpMyFAQ Team has released the new phpMyFAQ version 4.0.0, which fixes the vulnerability. All
users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
There's no workaround except installing phpMyFAQ 4.0.0.
Thanks
The phpMyFAQ team would like to thank geo-chen for the responsible disclosures of this vulnerability.