Security Advisory 2022-10-02

CSRF vulnerability in phpMyFAQ

Issued on:

2022-10-02

Software:

phpMyFAQ <= 3.1.6

Risk:

Medium

Platforms:

all

The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 3.1.6 and

earlier. phpMyFAQ contains a cross-site request forgery (CSRF) vulnerability.

Description

phpMyFAQ does not implement sufficient checks to avoid

• CSRF when logging out an user.

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 3.1.7 which fixes the vulnerability. All

users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.1.7.

References

• CSRF (Found by KhanhCM)

Thanks

The phpMyFAQ team would like to thank KhanhCM for the responsible disclosure of this vulnerability.