Количество 2
Количество 2
CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.
GHSA-9cg9-4h4f-j6fg
phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-69200 phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue. | CVSS3: 7.5 | 2% Низкий | около 1 месяца назад |
| GHSA-9cg9-4h4f-j6fg phpMyFAQ has unauthenticated config backup download via /api/setup/backup | CVSS3: 7.5 | 2% Низкий | около 1 месяца назад |
Уязвимостей на страницу