9.8

CVE-2025-59943

Exploit

EPSS 0.06%
Veröffentlicht 03.10.2025 20:06:09
Zuletzt bearbeitet 10.10.2025 16:35:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpmyfaq ≫ Phpmyfaq Version4.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-286 Incorrect User Management

The product does not properly manage a user within its environment.

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74j

Vendor Advisory

Exploit

https://github.com/thorsten/phpMyFAQ/commit/44cd20f86eb041f39d1c30a9beefad1cc61dc0ec

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-59943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59943

EUVD