CVE-2025-69200
Unauthenticated Backup Download in phpMyFAQ Leads to Data Exposure
Publication date: 2025-12-29
Last updated on: 2025-12-29
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpmyfaq | phpmyfaq | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-202 | When trying to keep information confidential, an attacker can often infer some of the information by using statistics. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in phpMyFAQ versions prior to 4.0.16 allows an unauthenticated remote attacker to trigger the creation of a configuration backup ZIP file via a POST request to /api/setup/backup. The attacker can then download this ZIP file from a web-accessible location. The ZIP contains sensitive configuration files, such as database.php, which includes database credentials. This leads to high-impact information disclosure.
How can this vulnerability impact me?
The vulnerability can lead to the disclosure of sensitive configuration information, including database credentials. This information disclosure can enable attackers to compromise the database and potentially the entire system, leading to further unauthorized access or data breaches.
What immediate steps should I take to mitigate this vulnerability?
Upgrade phpMyFAQ to version 4.0.16 or later, as this version fixes the vulnerability allowing unauthenticated remote attackers to generate and download sensitive configuration backups.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability leads to high-impact information disclosure by exposing sensitive configuration files, including database credentials. Such exposure can result in unauthorized access to personal or protected data, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding sensitive information. Therefore, this vulnerability negatively affects compliance with these standards by increasing the risk of data breaches and unauthorized data access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking whether your phpMyFAQ installation exposes the `/api/setup/backup` endpoint without authentication. A simple way is to send a POST request with any non-empty body to this endpoint and observe whether a ZIP file URL is returned. For example, using curl: `curl -X POST -d '4.0.15' http://your-phpmyfaq-domain/api/setup/backup -v`. If the response contains a URL to download a ZIP file, your system is vulnerable. Additionally, you can check whether a backup ZIP file exists in the publicly accessible directory `content/core/config/`: for example, try to access `http://your-phpmyfaq-domain/content/core/config/` or look for ZIP files there. These steps help confirm whether the vulnerable endpoint is accessible and exploitable. [1]
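Beyond probing the live endpoint, a defender can look for past exploitation in the web server's access log. The following is an added example, not code from the page or from the phpMyFAQ project: it scans combined-format access log lines for the two indicators named above (a POST to `/api/setup/backup` and a successful GET of a ZIP under `content/core/config/`) and reports any client that did both. The log format, the sample lines, the client addresses and the ZIP file name are constructed assumptions; only the two paths come from the advisory text.

```python
import re

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# The ZIP file name is a placeholder; the advisory does not state the real name.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Dec/2025:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Dec/2025:10:01:09 +0000] "POST /api/setup/backup HTTP/1.1" 200 311 "-" "curl/8.5.0"
203.0.113.7 - - [29/Dec/2025:10:01:15 +0000] "GET /content/core/config/backup-placeholder.zip HTTP/1.1" 200 4096 "-" "curl/8.5.0"
198.51.100.2 - - [29/Dec/2025:10:02:00 +0000] "GET /content/core/config/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

BACKUP_ENDPOINT = "/api/setup/backup"     # endpoint named in the advisory
CONFIG_DIR = "/content/core/config/"      # web-accessible backup location named in the advisory


def analyze(log_text):
    """Return (findings, chained_ips).

    findings: list of (ip, kind, path, status) for every suspicious request.
    chained_ips: set of IPs that both triggered a backup and then fetched a ZIP,
    which is the strongest sign that the CVE-2025-69200 flow completed.
    """
    findings = []
    triggered, downloaded = set(), set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        ip, method, status = m["ip"], m["method"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if method == "POST" and path == BACKUP_ENDPOINT:
            findings.append((ip, "backup-trigger", path, status))
            triggered.add(ip)
        elif method == "GET" and path.startswith(CONFIG_DIR):
            if path.lower().endswith(".zip") and status == 200:
                findings.append((ip, "backup-download", path, status))
                downloaded.add(ip)
            else:
                findings.append((ip, "config-dir-probe", path, status))
    return findings, triggered & downloaded


if __name__ == "__main__":
    hits, chained = analyze(SAMPLE_LOG)
    for hit in hits:
        print("%-15s %-18s %s (HTTP %d)" % hit)
    print("clients that triggered and downloaded a backup:", sorted(chained))
```

Point `analyze()` at your real access log contents; a non-empty `chained_ips` set means the backup endpoint was hit and a ZIP was subsequently served from the config directory, which warrants credential rotation in addition to the upgrade.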