phpMyFAQ 2.9.9 suffers from a code injection vulnerability. A user with the right to edit translations can inject PHP code into the PHP files in the lang folder.
Conditions to meet:
- The user has the right to edit translations
- Editing translations is active (the lang folder is writable)
phpMyFAQ 2.9.9 saves translations into files. A translation file is then included when the application is set to that language.
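
Because the translation files are included as PHP, a defender can check both conditions above from the command line. The script below is an added example, not phpMyFAQ code: it reports whether a lang folder is writable and flags any token that a file made only of string-literal assignments could not contain. The `$LANG['key'] = 'text';` file layout, the function names and the sample strings are assumptions made for illustration.

```php
<?php
// Added example, not phpMyFAQ code. Assumes translation files contain only
// assignments of string literals, e.g. $LANG['key'] = 'text'; (hypothetical).

const ALLOWED_TOKENS = [
    T_OPEN_TAG, T_CLOSE_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT,
    T_VARIABLE, T_CONSTANT_ENCAPSED_STRING, T_LNUMBER,
];
const ALLOWED_CHARS = ['[', ']', '=', ';', '.'];

// Return one finding per token that a literal-only translation file cannot contain.
function auditTranslationSource(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        if (is_array($token)) {
            [$id, $text, $line] = $token;
            if (!in_array($id, ALLOWED_TOKENS, true)) {
                $findings[] = sprintf('line %d: unexpected %s %s', $line, token_name($id), json_encode($text));
            }
        } elseif (!in_array($token, ALLOWED_CHARS, true)) {
            $findings[] = sprintf('unexpected character %s', json_encode($token));
        }
    }
    return $findings;
}

// Check the second precondition (writable folder) and audit every *.php file in it.
// is_writable() answers for the user running the script, so run it as the web server user.
function auditLangDir(string $dir): array
{
    $report = is_writable($dir) ? ["$dir is writable by the current user"] : [];
    foreach (glob($dir . '/*.php') ?: [] as $file) {
        foreach (auditTranslationSource(file_get_contents($file)) as $finding) {
            $report[] = basename($file) . ': ' . $finding;
        }
    }
    return $report;
}

// Constructed samples: a literal-only file and one containing a function call.
$clean = "<?php\n\$LANG['msgHome'] = 'Home';\n";
$tampered = "<?php\n\$LANG['msgHome'] = strtoupper('home');\n";

if (isset($argv[1])) {
    // Audit a real folder: php audit.php /path/to/lang
    echo implode(PHP_EOL, auditLangDir($argv[1])), PHP_EOL;
} else {
    foreach (['clean' => $clean, 'tampered' => $tampered] as $name => $src) {
        echo $name, ': ', json_encode(auditTranslationSource($src)), PHP_EOL;
    }
}
```

Files that legitimately use other constructs (for example `array(...)`) will be flagged under this assumed layout, so treat findings as items to review against a known-good copy of the release.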