John Cox posted a new security issue today on the PHP Security Mailing List concerning the paFAQ FAQ/knowledge base system.
I have never used paFAQ, and in fact I had never heard of the application until today. However, the security announcement gives a very good explanation of how a SQL injection problem occurs:
The variable $username is taken directly from the submitted login form and executed in the query, so if magic_quotes_gpc is off an attacker can use UNION SELECT to bypass admin authentication!
He also notes that it seems like a lot of developers don't quite understand what makes a SQL injection and why it can be so dangerous. He recommends this article by Steve Friedl as a good resource. Also of note is the response of the paFAQ developers: none. They didn't reply or release a new version on their site (or even an announcement, for that matter). Definitely the wrong way to handle it...
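To make the advisory's point concrete, here is an added example (my own code, not paFAQ's and not from the mailing-list post) that reproduces the pattern it describes: an admin lookup that interpolates the submitted username straight into the query and then compares the returned row's password hash with the hash of the submitted password. The admins table, the MD5 column and the login helpers are all assumptions for illustration; SQLite stands in for whatever database paFAQ actually used. The UNION SELECT payload supplies an attacker-chosen username and hash as the "matching" row, so the password check passes with a password the attacker picked. The parameterized version of the same query is shown beside it.

```python
import hashlib
import sqlite3


def md5hex(s: str) -> str:
    # Assumed hashing scheme for the example: plain MD5 hex digest, as many
    # PHP apps of the period stored passwords. Not a recommendation.
    return hashlib.md5(s.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample database (not paFAQ's real schema): one admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO admins (username, password) VALUES (?, ?)",
        ("admin", md5hex("s3cret-unknown-to-attacker")),
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """The flaw the advisory describes: $username is pasted into the SQL text.

    Returns the authenticated username, or None on failure.
    """
    sql = f"SELECT username, password FROM admins WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    if row is None:
        return None
    # The hash that gets compared comes from whatever row the query returned,
    # which an attacker controls once they can append UNION SELECT.
    if row[1] == md5hex(password):
        return row[0]
    return None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """Same logic with a bound parameter: the input can never change the query."""
    row = conn.execute(
        "SELECT username, password FROM admins WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    if row[1] == md5hex(password):
        return row[0]
    return None


def union_payload(chosen_password: str, target_user: str = "admin") -> str:
    """Username field contents that make the query return an attacker-chosen row.

    The WHERE clause matches nothing, the UNION contributes ('admin', md5(chosen)),
    and the '--' comments out the closing quote the application appends.
    """
    return f"' UNION SELECT '{target_user}', '{md5hex(chosen_password)}' -- "


if __name__ == "__main__":
    db = make_db()
    print("real credentials  :", vulnerable_login(db, "admin", "s3cret-unknown-to-attacker"))
    print("wrong password    :", vulnerable_login(db, "admin", "guess"))
    # Attacker never learns the real hash; they pick 'letmein' and log in as admin.
    print("union, vulnerable :", vulnerable_login(db, union_payload("letmein"), "letmein"))
    print("union, parameter. :", safe_login(db, union_payload("letmein"), "letmein"))
```

The fix is the bound parameter in safe_login, not magic_quotes_gpc: that setting only addslashes-escapes quotes, which helps solely inside a single-quoted string in a database that honours backslash escapes, and it was removed from PHP entirely in 5.4.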