CVE Reports

Posted on • Originally published at cvereports.com

GHSA-9qv9-8xv6-5p35: Unauthenticated Password Reset and Enumeration Flaw in phpMyFAQ

Vulnerability ID: GHSA-9QV9-8XV6-5P35
CVSS Score: 7.0
Published: 2026-05-20

phpMyFAQ versions 4.1.2 and prior contain a critical logic flaw in the REST API password recovery mechanism. The endpoint processes a password reset in a single, unauthenticated step, so a remote attacker who knows a user's username and email address can force a password change on that account (the stored password is overwritten in the database). Because the endpoint's responses differ depending on whether the username exists, it also enables user enumeration.

TL;DR

A weak password recovery mechanism in phpMyFAQ <= 4.1.2 allows unauthenticated attackers to force password resets for targeted users and enumerate valid accounts. The system immediately updates the database password upon receiving a matching username and email, bypassing standard token-based verification.
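The two flows described above, as an added illustration (this is not phpMyFAQ code and not from the original report): a minimal in-memory model of a single-step reset that overwrites the password as soon as username and email match and answers differently per failure case, beside a two-step flow that queues a random, hashed, single-use, expiring token, delivers it out of band, and returns one identical response whether or not the account exists. The user store, the `OUTBOX` mail stand-in, and all names and values are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample user store standing in for an application's user table.
# Usernames, emails and passwords are made-up values for this example only.
USERS = {
    "alice": {"email": "alice@example.com", "password": "old-secret"},
}

# --- Weak pattern: single-step reset with differential responses ------------

def weak_reset(users, username, email):
    """Reset the password the moment username and email match.

    Returns (status, body). There is no token and no out-of-band confirmation,
    and the error text differs per case, so the response tells a caller
    whether the username exists (CWE-640 plus CWE-204 in one endpoint).
    """
    user = users.get(username)
    if user is None:
        return 404, {"error": "user not found"}
    if user["email"] != email:
        return 400, {"error": "email does not match"}
    user["password"] = secrets.token_urlsafe(12)  # overwritten immediately
    return 200, {"message": "password changed"}

# --- Hardened pattern: request token, confirm token, uniform responses -------

TOKEN_TTL_SECONDS = 15 * 60
PENDING = {}   # username -> (sha256(token), expiry); a database table in practice
OUTBOX = []    # stand-in for the mail transport; the raw token goes only here

def _hash(token):
    return hashlib.sha256(token.encode()).hexdigest()

def safe_request_reset(users, username, email, now=None):
    """Step 1: queue a token only for a valid pair, but always answer the same."""
    now = time.time() if now is None else now
    user = users.get(username)
    if user is not None and hmac.compare_digest(user["email"].encode(), email.encode()):
        token = secrets.token_urlsafe(32)
        PENDING[username] = (_hash(token), now + TOKEN_TTL_SECONDS)
        OUTBOX.append((email, token))        # delivered out of band, never in the response
    # Identical status and body whether or not the account exists: nothing to enumerate.
    return 202, {"message": "if the account exists, an email has been sent"}

def safe_confirm_reset(users, username, token, new_password, now=None):
    """Step 2: change the password only with a fresh, matching, unused token."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return 400, {"error": "invalid or expired token"}
    token_hash, expiry = entry
    if now > expiry or not hmac.compare_digest(token_hash, _hash(token)):
        return 400, {"error": "invalid or expired token"}
    del PENDING[username]                     # single use
    users[username]["password"] = new_password
    return 200, {"message": "password changed"}

if __name__ == "__main__":
    # Same two failing probes against each flow: the weak one is distinguishable.
    print(weak_reset(USERS, "nobody", "x@example.com"), weak_reset(USERS, "alice", "wrong@example.com"))
    print(safe_request_reset(USERS, "nobody", "x@example.com"), safe_request_reset(USERS, "alice", "alice@example.com"))
```

The property to check in a review is visible in the two return paths: `weak_reset` mutates the store before any proof of control over the mailbox exists, while `safe_request_reset` never mutates it and `safe_confirm_reset` does so only after a constant-time comparison against a hashed, time-limited, single-use token.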


⚠️ Exploit Status: POC

Technical Details

  • CVSS Score: 7.0 (High)
  • Attack Vector: Network
  • Privileges Required: None
  • User Interaction: None
  • CWE ID: CWE-640, CWE-204
  • Exploit Status: Proof of Concept Available

Affected Systems

  • phpMyFAQ REST API
  • phpMyFAQ Frontend Controller
  • phpMyFAQ: <= 4.1.2 (Fixed in: 4.1.3)

Exploit Details

  • Trigger: an HTTP PUT request to /api/index.php/user/password/update with a JSON body containing a known username and email address.

Mitigation Strategies

  • Upgrade phpMyFAQ to version 4.1.3 or later.
  • Implement strict rate limiting on unauthenticated REST API endpoints.
  • Deploy Web Application Firewall (WAF) rules to restrict access to the /api/index.php/user/password/update endpoint.
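As an added example of the rate-limiting and monitoring side of these mitigations (not part of the report and not phpMyFAQ code), the following Python parses web-server access log lines in combined format and flags a source that sends a burst of PUT requests to the reset endpoint inside a sliding window, reporting the mix of status codes it received; a single source collecting several different status codes from the same endpoint is the differential-response signature the advisory describes. The log lines, IP addresses, timestamps and thresholds are constructed for the example; only the endpoint path comes from the report.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Endpoint path from the advisory; everything else below is constructed.
RESET_ENDPOINT = "/api/index.php/user/password/update"

# Combined log format: ip ident user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (RFC 5737 documentation addresses, made-up times).
SAMPLE_LOG = """\
203.0.113.7 - - [20/May/2026:10:00:01 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 404 41
198.51.100.9 - - [20/May/2026:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.7 - - [20/May/2026:10:00:02 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 404 41
203.0.113.7 - - [20/May/2026:10:00:03 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 400 48
198.51.100.9 - - [20/May/2026:10:00:04 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 200 33
203.0.113.7 - - [20/May/2026:10:00:04 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 404 41
203.0.113.7 - - [20/May/2026:10:00:05 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 200 33
203.0.113.7 - - [20/May/2026:10:00:06 +0000] "PUT /api/index.php/user/password/update HTTP/1.1" 404 41
"""

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {
        "ip": m["ip"],
        "ts": ts,
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # ignore any query string
        "status": int(m["status"]),
    }

def detect_reset_bursts(lines, window_seconds=60, threshold=5):
    """Flag each source IP whose PUTs to the reset endpoint reach `threshold`
    within `window_seconds`. One alert per IP, raised when the threshold is
    first crossed, carrying the status codes seen from that IP so far."""
    recent = defaultdict(deque)    # ip -> timestamps inside the current window
    statuses = defaultdict(set)    # ip -> distinct status codes received
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "PUT" or rec["path"] != RESET_ENDPOINT:
            continue
        window = recent[rec["ip"]]
        window.append(rec["ts"])
        while window and rec["ts"] - window[0] > window_seconds:
            window.popleft()
        statuses[rec["ip"]].add(rec["status"])
        if len(window) >= threshold and rec["ip"] not in alerted:
            alerted.add(rec["ip"])
            alerts.append({
                "ip": rec["ip"],
                "count": len(window),
                "statuses": sorted(statuses[rec["ip"]]),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_reset_bursts(SAMPLE_LOG.splitlines()):
        print(f"{alert['ip']}: {alert['count']} reset requests, statuses {alert['statuses']}")
```

The same per-IP sliding window is what a rate limiter in front of the endpoint enforces; running it over historical logs also tells you whether the endpoint was probed before the upgrade to 4.1.3, which the remediation steps alone do not reveal.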

Remediation Steps:

  1. Verify current phpMyFAQ installation version.
  2. Backup the phpMyFAQ database and file system.
  3. Download the official phpMyFAQ 4.1.3 release from the vendor repository.
  4. Apply the update following the official phpMyFAQ upgrade documentation.
  5. Verify the application REST API responses no longer exhibit differential behavior for invalid users.
