Security Advisory 2005-08-15

Remote PHP Code Injection Vulnerability in phpMyFAQ 1.4.x and 1.5.x

Issued on: 2005-08-15
Software: phpMyFAQ <= 1.4.10 and phpMyFAQ <= 1.5.0 RC6
Risk: high
Platforms: all

The phpMyFAQ Team has learned of a serious security issue that has been discovered in the bundled XML-RPC library we use in phpMyFAQ 1.4 and 1.5.

Description

The bundled XML-RPC library allows injection of arbitrary PHP code into eval() statements. This is caused by improper handling of XML-RPC requests and responses that are malformed in a certain way.

Solution

The phpMyFAQ Team has released new phpMyFAQ versions 1.4.11 and 1.5.0 RC7, which incorporate a fixed bundled XML-RPC library. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to the latest version.

Workaround

As a temporary hotfix you can delete the files xmlrpc.php and xmlrpcs.php in the directory inc/ so that your FAQ will not easily allow execution of malicious XML-RPC method calls.
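An audit helper for the version ranges and workaround above, added here as an example and not code from the phpMyFAQ project. It assumes the operator supplies the installation path and the installed version as a string of the form "X.Y.Z" optionally followed by "RCn"; the function names are hypothetical.

```python
import re
from pathlib import Path

# File names and the inc/ directory come from the advisory's Workaround section.
BUNDLED_XMLRPC_FILES = ("xmlrpc.php", "xmlrpcs.php")
# First fixed release per branch, from the advisory's Solution section.
FIXED = {(1, 4): "1.4.11", (1, 5): "1.5.0 RC7"}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[\s-]*RC\s*(\d+))?\s*$", re.I)


def parse_version(text):
    """Turn '1.5.0 RC6' into a tuple that sorts RCs before the final release."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    rc = int(m.group(4)) if m.group(4) else float("inf")  # final > any RC
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), rc)


def is_affected(version):
    """True/False for the 1.4 and 1.5 branches, None for any other branch."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    return None if fixed is None else v < parse_version(fixed)


def remaining_xmlrpc_files(faq_root):
    """List the bundled XML-RPC files still present under <faq_root>/inc/."""
    inc = Path(faq_root) / "inc"
    return [name for name in BUNDLED_XMLRPC_FILES if (inc / name).is_file()]


def assess(faq_root, version):
    """Combine the version check and the workaround check into one status."""
    affected = is_affected(version)
    leftovers = remaining_xmlrpc_files(faq_root)
    if affected is None:
        return "branch not covered by this advisory", leftovers
    if not affected:
        return "fixed release", leftovers
    if leftovers:
        return "affected, workaround not applied", leftovers
    return "affected, workaround applied, upgrade pending", leftovers


if __name__ == "__main__":
    import sys
    print(assess(sys.argv[1], sys.argv[2]))  # args: <faq_root> "<version>"
```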

Credits

The phpMyFAQ Team would like to thank Stefan Esser and the Hardened-PHP Project for discovering this vulnerability. The Hardened-PHP Project has also released a more detailed advisory.