DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-W9XH-5F39-VQ89: GHSA-w9xh-5f39-vq89: Authentication Bypass and Account Takeover via Weak Password Recovery in phpMyFAQ

#security #cve #cybersecurity #ghsa

GHSA-w9xh-5f39-vq89: Authentication Bypass and Account Takeover via Weak Password Recovery in phpMyFAQ

Vulnerability ID: GHSA-W9XH-5F39-VQ89
CVSS Score: 7.1
Published: 2026-05-20

phpMyFAQ versions prior to 4.1.3 contain a critical authentication bypass and account takeover vulnerability due to a flawed password recovery mechanism. The application processes password reset requests without requiring cryptographic token verification, allowing unauthenticated attackers to arbitrarily change passwords and lock out legitimate users.

TL;DR

A vulnerability in the phpMyFAQ /api/user/password/update endpoint allows unauthenticated attackers to reset user passwords by supplying a valid username and email address. This lack of token verification leads to account lockouts and potential full account takeover.

⚠️ Exploit Status: POC

Technical Details

  • CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
  • CWE ID: CWE-640 (Weak Password Recovery Mechanism), CWE-288
  • Attack Vector: Network
  • Authentication Required: None
  • Exploit Status: Proof of Concept available
  • Affected Component: UnauthorizedUserController::updatePassword()

Affected Systems

  • phpMyFAQ (< 4.1.3)
  • phpMyFAQ: < 4.1.3 (Fixed in: 4.1.3)

Exploit Details

  • Research Report: API requests demonstrating enumeration and arbitrary password reset triggers.

Mitigation Strategies

  • Upgrade phpMyFAQ to version 4.1.3 or higher.
  • Implement WAF rules to block unauthenticated HTTP PUT requests to the /api/user/password/update API endpoint.
  • Apply rate limiting on authentication and password reset endpoints to prevent enumeration.

Remediation Steps:

  1. Verify the current running version of phpMyFAQ.
  2. If the version is prior to 4.1.3, schedule an immediate maintenance window.
  3. Download the latest release from the official phpMyFAQ repository.
  4. Apply the update following vendor documentation.
  5. Review application logs for indicators of compromise prior to the update.

References

Read the full report for GHSA-W9XH-5F39-VQ89 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)