Security Advisory 2018-09-02

Multiple vulnerabilities in phpMyFAQ

Issued on:
2018-09-02
Software:
phpMyFAQ <= 2.9.10
Risk:
Medium
Platforms:
all

The phpMyFAQ Team has learned of several security issues that have been discovered in phpMyFAQ 2.9.10 and earlier. phpMyFAQ contains a cross-site request forgery (CSRF) vulnerability, a CSV injection vulnerability and an insecure use of microtime() for password-reset tokens.

Description

phpMyFAQ does not implement sufficient checks to prevent CSRF and CSV injection in the reports generated in the admin backend. Exploiting the CSRF and CSV injection issues requires administrator privileges. phpMyFAQ also uses microtime() to generate password-reset tokens, which is an insecure source for such tokens.
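For illustration, the following PHP is added here and is not phpMyFAQ project code: a defender-side sketch of the two fixable patterns named above, a sanitiser for cells in admin-report CSV exports and a password-reset token drawn from random_bytes() instead of microtime(). The function names and the sample report row are assumptions.

```php
<?php
// Added example, not phpMyFAQ code. Function names and sample data are assumed.

/**
 * Neutralise spreadsheet formula triggers in one CSV cell before export.
 * Spreadsheet applications interpret a cell starting with =, +, -, @ or a
 * leading tab / carriage return as a formula, so user-controlled report data
 * is prefixed with a single quote and always double-quoted, which makes the
 * application read it as literal text.
 */
function sanitizeCsvCell(string $value): string
{
    // ltrim so that leading spaces cannot hide a trigger character.
    $trimmed = ltrim($value);
    if ($trimmed !== '' && strpos("=+-@\t\r", $trimmed[0]) !== false) {
        $value = "'" . $value;
    }
    // Quote the cell and double any embedded quotes so commas and newlines
    // inside the value cannot break out of the cell.
    return '"' . str_replace('"', '""', $value) . '"';
}

/** Build one CSV line from a report row, sanitising every cell. */
function csvLine(array $row): string
{
    return implode(',', array_map('sanitizeCsvCell', $row)) . "\n";
}

/**
 * Password-reset token from the CSPRNG. microtime() has only microsecond
 * resolution and is close to the request timestamp, so a token derived from
 * it is guessable; random_bytes() output is not.
 */
function generateResetToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes)); // 64 hex characters for 32 bytes
}

/** Compare a submitted token with the stored one in constant time. */
function resetTokenMatches(string $stored, string $submitted): bool
{
    return hash_equals($stored, $submitted);
}

// Constructed sample report row: unchanged, the second cell would be
// evaluated as a formula by a spreadsheet application.
$row = ['alice', '=SUM(1,2)', 'ok'];
echo csvLine($row);

$token = generateResetToken();
var_dump(strlen($token) === 64 && resetTokenMatches($token, $token));
```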

Solution

The phpMyFAQ Team has released phpMyFAQ version 2.9.11, which fixes the vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.

Workaround

There's no workaround except installing phpMyFAQ 2.9.11.

References

Thanks

The phpMyFAQ team would like to thank Zeel Chavda for reporting the CSRF and CSV injection issues. We want to thank all for the responsible disclosure of these vulnerabilities.