Security Advisory 2017-10-19

XSS, CSRF and SQL injection in phpMyFAQ

Issued on:

2017-10-19

Software:

phpMyFAQ <= 2.9.8

Risk:

Medium

Platforms:

all

The phpMyFAQ Team has learned of some security issues that have been discovered in phpMyFAQ 2.9.8 and

earlier. phpMyFAQ contains cross-site request forgery, cross-site scripting and SQL injection vulnerabilities.

Description

phpMyFAQ does not implement sufficient checks to avoid XSS, CSRF and SQL injection. For the XSS and CSRF vulnerabilities

you need administrator privileges to be executed.

Solution

The phpMyFAQ Team has released the new phpMyFAQ versions 2.9.9 which fix the vulnerabilities. All users

of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 2.9.9.

References

• CVE-2017-14618

  (reported by Ishaq Mohammed)

• CVE-2017-14619

  (reported by Ishaq Mohammed)

• CVE-2017-15727

  (reported by Nikhil Mittal)

• CVE-2017-15728

  (reported by Nikhil Mittal)

• CVE-2017-15729

  (reported by Nikhil Mittal)

• CVE-2017-15730

  (reported by Nikhil Mittal)

• CVE-2017-15731

  (reported by Nikhil Mittal)

• CVE-2017-15732

  (reported by Nikhil Mittal)

• CVE-2017-15733

  (reported by Nikhil Mittal)

• CVE-2017-15734

  (reported by Nikhil Mittal)

• CVE-2017-15735

  (reported by Nikhil Mittal)

• CVE-2017-15808

  (reported by Chirag Solanki)

• CVE-2017-15809

  (reported by Chirag Solanki)

Thanks

The phpMyFAQ teams would like to thank

Ishaq Mohammed, Nikhil Mittal and Chirag Solanki. We also like to thank Li Ke and Zhou Junyu from Tencent's Xuanwu Lab.

for the responsible disclosure of these vulnerabilities.