phpMyFAQ phpMyFAQ The phpMyFAQ Team has learned of a security issues that'd been discovered in phpMyFAQ 4.0.0-RC.5 and earlier. An information disclosure vulnerability has been discovered in the phpMyFAQ application. This vulnerability reveals the database username and password if the database is not available.
If the database is not available, the database username and password are shown in the error message.
The phpMyFAQ Team has released the new phpMyFAQ version 4.0.0, which fixes the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 4.0.0.
The phpMyFAQ team would like to thank geo-chen for the responsible disclosures of this vulnerability.