CVE-2025-69200
Unknown Unknown - Not Provided
Unauthenticated Backup Download in phpMyFAQ Leads to Data Exposure

Publication date: 2025-12-29

Last updated on: 2025-12-29

Assigner: GitHub, Inc.

Description
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-29
Last Modified
2025-12-29
Generated
2026-06-16
AI Q&A
2025-12-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69200
EUVD
EUVD-2025-205600
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phpmyfaq phpmyfaq *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-202 When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in phpMyFAQ versions prior to 4.0.16 allows an unauthenticated remote attacker to trigger the creation of a configuration backup ZIP file via a POST request to /api/setup/backup. The attacker can then download this ZIP file from a web-accessible location. The ZIP contains sensitive configuration files, such as database.php, which includes database credentials. This leads to high-impact information disclosure.

Impact Analysis

The vulnerability can lead to the disclosure of sensitive configuration information, including database credentials. This information disclosure can enable attackers to compromise the database and potentially the entire system, leading to further unauthorized access or data breaches.

Mitigation Strategies

Upgrade phpMyFAQ to version 4.0.16 or later, as this version fixes the vulnerability allowing unauthenticated remote attackers to generate and download sensitive configuration backups.

Compliance Impact

The vulnerability leads to high-impact information disclosure by exposing sensitive configuration files, including database credentials. Such exposure can result in unauthorized access to personal or protected data, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding sensitive information. Therefore, this vulnerability negatively affects compliance with these standards by increasing the risk of data breaches and unauthorized data access. [1]

Detection Guidance

You can detect this vulnerability by checking if your phpMyFAQ installation exposes the `/api/setup/backup` endpoint without authentication. A simple way is to send a POST request with any non-empty body to this endpoint and observe if a ZIP file URL is returned. For example, using curl: `curl -X POST -d '4.0.15' http://your-phpmyfaq-domain/api/setup/backup -v` If the response contains a URL to download a ZIP file, your system is vulnerable. Additionally, you can check if the backup ZIP file exists in the publicly accessible directory `content/core/config/`. For example, you can try to access `http://your-phpmyfaq-domain/content/core/config/` or look for ZIP files there. These steps help confirm if the vulnerable endpoint is accessible and exploitable. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69200. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart