Security Advisory 2024-12-13

User Interface (UI) Misrepresentation of Critical Information vulnerability in phpMyFAQ

Issued on: 2024-12-06
Software: phpMyFAQ <= 4.0.0-RC.5
Risk: High
Platforms: all

The phpMyFAQ Team has learned of a security issue that had been discovered in phpMyFAQ 4.0.0 and earlier. A User Interface (UI) Misrepresentation of Critical Information vulnerability has been discovered in the phpMyFAQ application.

Description

A vulnerability exists in phpMyFAQ where a privileged attacker can trigger a file download on a victim's machine when the victim visits a page, by embedding the download in an iframe element, without any user interaction or explicit consent.

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 4.0.1, which fixes the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 4.0.1.

Thanks

The phpMyFAQ team would like to thank geo-chen for the responsible disclosure of this vulnerability.