We seriously take care about any security issues found in phpMyFAQ or bundled components. If you’ve discovered a security vulnerability in phpMyFAQ, we appreciate your help in disclosing it to us in a responsible manner.

Publicly disclosing a vulnerability can put the entire community at risk. If you’ve discovered a security concern, please email us at security@phpmyfaq.de. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. We consider correspondence sent to security@phpmyfaq.de our highest priority, and work to address any issues that arise as quickly as possible.

Please act in good faith towards our users’ privacy and data during your disclosure. We won’t take legal action against you or administrative action against your account if you act accordingly: White hat researchers are always appreciated.

Here you can find our advisories:

2012

• Security Advisory 2012-04-14

2011

• Security Advisory 2011-10-25
• Security Advisory 2011-09-28

2010

• Security Advisory 2010-12-15
• Security Advisory 2010-09-28

2009

• Security Advisory 2009-12-01
• Security Advisory 2009-09-01
• Security Advisory 2009-06-02

2008

• Security Advisory 2008-09-11

2007

• Security Advisory 2007-02-18

2006

• Security Advisory 2006-12-15
• Security Advisory 2006-04-21

2005

• Security Advisory 2005-11-18
• Security Advisory 2005-09-23
• Security Advisory 2005-08-15
• Security Advisory 2005-06-29
• Security Advisory 2005-03-06

2004

• Security Advisory 2004-07-27
• Security Advisory 2004-05-18

We want to say a big thank you to Stefan Esser from SektionEins GmbH and Christopher Kunz from the Hardened PHP team and to Johann-Peter Hartmann from SektionEins GmbH and Johannes Schlüter from the PHP Development team for auditing phpMyFAQ.

For further information and in case of questions, please contact the phpMyFAQ Team.