CVE-2025-62519

High CVSS: 7.2

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.

Vendor

Phpmyfaq

Product

Phpmyfaq

CWE

CWE-89

Yayın Tarihi

2025-11-17 17:15:50

Güncelleme

2026-01-05 19:34:10

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Phpmyfaq HIGH Phpmyfaq 2025

Referanslar

https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4

Benzer Kayıtlar

Medium

CVE-2026-34973

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/p…

Medium

CVE-2026-34974

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSa…

Medium

CVE-2026-34729

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex By…

High

CVE-2026-34728

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl…

Medium

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest F…

High

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/p…