CVE-2025-59943
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-10-10
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpmyfaq | phpmyfaq | 4.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| NVD-CWE-noinfo | Insufficient information (NVD placeholder; no specific CWE assigned). |
| CWE-286 | The product does not properly manage a user within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in phpMyFAQ versions 4.0-nightly-2025-10-03 and below allows multiple user accounts to be registered with the same email address because registration does not enforce email uniqueness. Since the email address is what password resets, notifications, and administrative actions use to identify a user, two accounts sharing one address make that lookup ambiguous, and in some configurations this can lead to privilege escalation or account takeover.
How can this vulnerability impact me?
Because several accounts can share one email address, a password-reset or notification flow that looks up a user by email may act on the wrong account. In certain configurations this may let an attacker escalate privileges or take over another account, undermining the application's access control.
What immediate steps should I take to mitigate this vulnerability?
Upgrade phpMyFAQ to version 4.0.13 or later, which fixes the issue by enforcing uniqueness of email addresses during user registration. Because the fix applies at registration time, also review existing accounts for email addresses shared by more than one user that were created before the upgrade.
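The following is an added illustration of the flaw and its fix, not code from phpMyFAQ or the advisory. It uses a constructed in-memory SQLite user table (the column names and the `register_*` / `accounts_for_reset` / `duplicate_emails` functions are assumptions for this example) to show how a registration path with no email check lets a second account shadow an existing one, how a reset-by-email lookup then returns two accounts, what a hardened registration path looks like, and the audit query an operator would run against an existing instance.

```python
import sqlite3

# Constructed stand-in for a user table; not phpMyFAQ's real schema.
VULN_SCHEMA = (
    "CREATE TABLE users (id INTEGER PRIMARY KEY, "
    "login TEXT UNIQUE NOT NULL, email TEXT NOT NULL)"
)
FIXED_SCHEMA = VULN_SCHEMA
# Case-insensitive unique index: the database, not the application, is the
# final guarantee, so two concurrent registrations cannot both slip through.
FIXED_INDEX = "CREATE UNIQUE INDEX users_email_ci ON users (lower(email))"


def normalize_email(email: str) -> str:
    # Trim and lower-case so 'Admin@Example.org' cannot shadow 'admin@example.org'.
    return email.strip().lower()


def register_vulnerable(conn: sqlite3.Connection, login: str, email: str) -> bool:
    # Mirrors the flaw described above: no check that the email is already in use.
    conn.execute("INSERT INTO users (login, email) VALUES (?, ?)", (login, email))
    conn.commit()
    return True


def register_fixed(conn: sqlite3.Connection, login: str, email: str) -> bool:
    # Hardened path: normalize, reject known duplicates with a friendly error,
    # and still rely on the unique index to catch a check-then-insert race.
    email = normalize_email(email)
    if conn.execute("SELECT 1 FROM users WHERE lower(email) = ?", (email,)).fetchone():
        return False
    try:
        conn.execute("INSERT INTO users (login, email) VALUES (?, ?)", (login, email))
    except sqlite3.IntegrityError:
        conn.rollback()
        return False
    conn.commit()
    return True


def accounts_for_reset(conn: sqlite3.Connection, email: str) -> list:
    # A password-reset flow identifies the user by email; on a vulnerable
    # instance this lookup can return more than one account.
    rows = conn.execute(
        "SELECT login FROM users WHERE lower(email) = ? ORDER BY id",
        (normalize_email(email),),
    ).fetchall()
    return [r[0] for r in rows]


def duplicate_emails(conn: sqlite3.Connection) -> dict:
    # Audit query for an existing instance: addresses shared by several accounts.
    rows = conn.execute(
        "SELECT lower(email), COUNT(*) FROM users "
        "GROUP BY lower(email) HAVING COUNT(*) > 1"
    ).fetchall()
    return {addr: n for addr, n in rows}


def demo():
    # Vulnerable instance: the second registration reuses the admin's address.
    vuln = sqlite3.connect(":memory:")
    vuln.execute(VULN_SCHEMA)
    register_vulnerable(vuln, "admin", "admin@example.org")
    register_vulnerable(vuln, "mallory", "Admin@Example.org")  # accepted
    ambiguous = accounts_for_reset(vuln, "admin@example.org")  # two logins
    dupes = duplicate_emails(vuln)

    # Fixed instance: same two registrations, the second one is rejected.
    fixed = sqlite3.connect(":memory:")
    fixed.execute(FIXED_SCHEMA)
    fixed.execute(FIXED_INDEX)
    first = register_fixed(fixed, "admin", "admin@example.org")
    second = register_fixed(fixed, "mallory", "Admin@Example.org")
    return ambiguous, dupes, first, second


if __name__ == "__main__":
    print(demo())
```

The application-level `SELECT` gives the user a clear error, but it is not sufficient on its own: two requests racing between the check and the insert would both pass it, which is why the unique index on `lower(email)` is the actual control. The `duplicate_emails` query is the check to run after upgrading, since uniqueness is only enforced for new registrations.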