CVE-2025-59943

High CVSS: 8.1

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Vendor

Phpmyfaq

Product

Phpmyfaq

CWE

CWE-284

Yayın Tarihi

2025-10-03 21:15:34

Güncelleme

2025-10-10 16:35:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Phpmyfaq HIGH Phpmyfaq 2025

Referanslar

https://github.com/thorsten/phpMyFAQ/commit/44cd20f86eb041f39d1c30a9beefad1cc61dc0ec https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74j https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74j

Benzer Kayıtlar

Medium

CVE-2026-34973

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/p…

Medium

CVE-2026-34974

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSa…

Medium

CVE-2026-34729

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex By…

High

CVE-2026-34728

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl…

Medium

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest F…

High

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/p…