Security Advisory 2022-12-11

Multiple vulnerabilities in phpMyFAQ

Issued on:

2022-12-11

Software:

phpMyFAQ <= 3.1.8

Risk:

High

Platforms:

all

The phpMyFAQ Team has learned of a multiple security issues that have been discovered in phpMyFAQ 3.1.8 and

earlier. phpMyFAQ contains cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection

vulnerabilities.

Description

phpMyFAQ does not implement sufficient checks to avoid

• an authenticated SQL injection when adding categories in the admin backend
• a stored cross-site scripting vulnerability in the category name
• a stored cross-site scripting vulnerability in the admin logging
• a stored cross-site scripting vulnerability in the FAQ title
• a PostgreSQL based SQL injection for the lang parameter
• a SQL injection when storing an instance name in the admin backend
• a SQL injection when adding attachments in the admin backend
• a stored cross-site scripting vulnerability when adding users by admins
• a missing "secure" flag for cookies when using TLS
• a cross-site request forgery / cross-site scripting vulnerability when saving new questions
• a reflected cross-site scripting vulnerability in the admin backend
>

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 3.1.9 which fixes these vulnerabilities. All

users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.1.9.

References

• XSS

• CSRF

• TLS Cookie without `secure` flag

• XSS

• SQL injection

• SQL injection

• SQL injection

• XSS

• XSS

• XSS

• SQL Injection

Thanks

The phpMyFAQ team would like to thank xanhacks, Ugnius, Abdelrhman Allam, Kiran PP and AggressiveUser for the

responsible disclosure of this vulnerability.