phpMyFAQ SQL Injection Vulnerability in Configuration Update Functionality

A SQL injection vulnerability has been identified in phpMyFAQ versions prior to 4.0.14. This vulnerability allows authenticated users with 'Configuration Edit' permissions to execute arbitrary SQL commands through the main configuration update feature. Exploitation of this vulnerability could lead to a complete compromise of the database, including unauthorized access to, modification of, or deletion of data. Additionally, depending on the database configuration, this vulnerability could allow for remote code execution.

Impact

Exploitation of this vulnerability could result in unauthorized SQL command execution, leading to a full database compromise. This includes the ability to read, modify, or delete all database data. Furthermore, depending on the database configuration, it could allow for remote code execution.

Reproduction

To reproduce this vulnerability, an authenticated user with 'Configuration Edit' permissions can send a crafted request to the configuration update endpoint. The request must include a malicious key in the 'edit' form data, which exploits the vulnerability by injecting SQL commands. This can be done using a tool like Burp Suite to intercept and modify the request before it is sent to the server.

Remediation

Users are advised to update phpMyFAQ to version 4.0.14 or later, where this vulnerability has been patched.