phpMyFAQ

Hi,
I've found a vulnerability that afflict the Ajax File Manager plugin. The vulnerable code is located in /admin/editor/plugins/ajaxfilemanager/ajax_create_folder.php

@ob_start();
displayArray($_POST);
writeInfo(@ob_get_clean());
The writeInfo() function simply write all the $_POST content ...