Security Advisory 2016-04-11
RCE via CSRF in phpMyFAQ
- Issued on:
- 2016-04-11
- Software:
- phpMyFAQ <= 2.8.26 and phpMyFAQ <= 2.9.0-RC2
- Risk:
- High
- Platforms:
- all
The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 2.8.26 and 2.9.0-RC2 and
earlier. phpMyFAQ contains a cross-site request forgery vulnerability.
Description
The vulnerability exists due to application does not properly verify origin of HTTP requests in "Interface
Translation" functionality. A remote unauthenticated attacker can create a specially crafted malicious web page with
CSRF exploit, trick a logged-in administrator to visit the page, spoof the HTTP request, as if it was coming from the
legitimate user, inject and execute arbitrary PHP code on the target system with privileges of the webserver.
Solution
The phpMyFAQ Team has released the new phpMyFAQ versions 2.8.27 and 2.9.0-RC3 which fix the vulnerability. All users
of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
There's no workaround except installing phpMyFAQ 2.8.27 and 2.9.0-RC3.
Credits
Thanks
The phpMyFAQ teams would like to thank High-Tech
Bridge Security Research Lab for the responsible disclosure of this vulnerability.