phpMyFAQ Security Advisory

Remote PHP Code Injection Vulnerability in phpMyFAQ 1.4.x and 1.5.x

Issued on:
2005-08-15
Software:
phpMyFAQ <= 1.4.10 and phpMyFAQ <= 1.5.0 RC6
Risk:
high
Platforms:
all

The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled library XML-RPC we use in phpMyFAQ 1.4 and 1.5.

Description

The bundled XML-RPC library allow injection of arbitrary PHP code into eval() statements. This is caused by an improper handling of XMLRPC requests and responses that are malformed in a certain way.

Solution

The phpMyFAQ Team has released a new phpMyFAQ version 1.4.11 and 1.5.0 RC7, which incorporate a fixed bundled library XML-RPC. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

As a temporary hotfix you can delete your xmlrpc.php and xmlrpcs.php file in the directory inc/ so that your FAQ will not easily allow execution of maliclius XML-RPC method calls.

Credits

The phpMyFAQ Team would like to thank Stefan Esser and the Hardened-PHP Project for discovering this vulnerability. The Hardened-PHP Project has also released a more detailed advisory.