Security Advisory 2011-09-28
Information disclosure vulnerability
- Issued on:
- 2011-09-28
- Software:
- phpMyFAQ <= 2.6.17
- Risk:
- Medium
- Platforms:
- all
The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.6.
Description
phpMyFAQ 2.6 allows remote attackers to obtain sensitive information via a direct request to a
.php file, which reveals the installation path in an error message, e.g. by lang/language_uk.php
and certain other files.
Solution
The phpMyFAQ Team has released a new phpMyFAQ version 2.6.18 which fixes these vulnerabilities.
All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this
latest version.
Workaround
There's no workaround except installing phpMyFAQ 2.6.18.
Credits
CVE-2011-3783 for further information.