Security Advisory: CVE-2017-14618 - PHPMyFAQ 2.9.8 - Cross-Site Scripting
OVERVIEW
Severity Rating: Medium
Confirmed Affected Versions: 2.9.8
Confirmed Patched Versions: 2.9.9
Severity Rating: Medium
Confirmed Affected Versions: 2.9.8
Confirmed Patched Versions: 2.9.9
Vendor: phpMyFAQ
Vendor URL: http://www.phpmyfaq.de/
Vector: Remote
Status: Public
CVE: CVE-2017-14618
ExploitDB URL: https://www.exploit-db.com/exploits/42761/
phpMyFAQ Security Advisory: http://www.phpmyfaq.de/security/advisory-2017-10-19
PRODUCT DESCRIPTION
phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store all data, PHP 5.4.4+ or HHVM 3.4.2+ is needed in order to access this data. phpMyFAQ also offers a multi-language Content Management System with a WYSIWYG editor and an Image Manager, flexible multi-user support with user and group based permissions on categories and records, a wiki-like revision feature, a news system, user-tracking, 40+ supported languages, enhanced automatic content negotiation, HTML5/CSS3 based templates, PDF-support, a backup-system, a dynamic sitemap, related FAQs, tagging, RSS feeds, built-in spam protection systems, OpenLDAP and Microsoft Active Directory support, and an easy to use installation script.
phpMyFAQ is developed and maintained by Thorsten Rinne
SUMMARY AND IMPACT
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
In phpMYFAQ Administrator has the privilege to "Add New FAQ" on the phpMyFAQ Portal. The “Questions” field does not properly filter and sanitize the user input which thus, results into a Stored Cross Site Scripting Vulnerability.
Whenever any user visits this portal, the admin’s (attacker’s) malicious JavaScript will be executed by the newly added faq on the user’s browser.
PROOF OF CONCEPT
Vector: Remote
Status: Public
CVE: CVE-2017-14618
ExploitDB URL: https://www.exploit-db.com/exploits/42761/
phpMyFAQ Security Advisory: http://www.phpmyfaq.de/security/advisory-2017-10-19
PRODUCT DESCRIPTION
phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store all data, PHP 5.4.4+ or HHVM 3.4.2+ is needed in order to access this data. phpMyFAQ also offers a multi-language Content Management System with a WYSIWYG editor and an Image Manager, flexible multi-user support with user and group based permissions on categories and records, a wiki-like revision feature, a news system, user-tracking, 40+ supported languages, enhanced automatic content negotiation, HTML5/CSS3 based templates, PDF-support, a backup-system, a dynamic sitemap, related FAQs, tagging, RSS feeds, built-in spam protection systems, OpenLDAP and Microsoft Active Directory support, and an easy to use installation script.
phpMyFAQ is developed and maintained by Thorsten Rinne
SUMMARY AND IMPACT
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
In phpMYFAQ Administrator has the privilege to "Add New FAQ" on the phpMyFAQ Portal. The “Questions” field does not properly filter and sanitize the user input which thus, results into a Stored Cross Site Scripting Vulnerability.
Whenever any user visits this portal, the admin’s (attacker’s) malicious JavaScript will be executed by the newly added faq on the user’s browser.
PROOF OF CONCEPT
WORKAROUNDS
Advisory Update: November 13, 2017
Comments
Post a Comment