Security Advisory 2006-12-15
SQL injection and remote code execution vulnerabilities in phpMyFAQ 1.6.x
- Issued on: 2006-12-15
- Software: phpMyFAQ <= 1.6.7
- Risk: High
- Platforms: all
 
The phpMyFAQ Team has learned of several vulnerabilities in the phpMyFAQ 1.6.x code that could be
exploited.
Description
One of the vulnerabilities makes it possible to gain the privilege to upload files to the server.
At the time of this advisory no public exploit is available, but two users have already reported to
us that their systems were hacked and that the r57shell script had been installed on them.
Solution
The phpMyFAQ Team has released the new phpMyFAQ version 1.6.8 which fixes these vulnerabilities.
All users of the affected phpMyFAQ versions are encouraged to upgrade as soon as possible to
this latest version.
Workaround
At the time of this advisory there's no workaround except installing phpMyFAQ 1.6.8.
Credits
The phpMyFAQ Team would like to thank Markus Kohlmeyer, for reporting to us how his system had been
hacked, and Stefan Esser, for discovering all the other vulnerabilities.