CVE-2026-24421
BaseFortify
Publication date: 2026-01-24
Last updated on: 2026-01-30
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpmyfaq | phpmyfaq | to 4.0.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability allows low-privileged authenticated users to create configuration backups and obtain links to ZIP files containing sensitive data. If these backup files are accessible via the web due to server misconfiguration, confidential information could be exposed. This can lead to unauthorized disclosure of sensitive configuration data, posing a high confidentiality risk without affecting integrity or availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the `/api/setup/backup` endpoint as a non-admin authenticated user. For example, you can use curl commands to authenticate as a low-privileged user and then request the backup endpoint to see if it returns a link to a backup ZIP file. This confirms the presence of the vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability in phpMyFAQ versions 4.0.14 and below allows any authenticated user, including non-admins, to access the /api/setup/backup endpoint due to flawed authorization logic. The system only checks if a user is authenticated but does not verify if they have administrative or configuration permissions. As a result, non-admin users can trigger a configuration backup and retrieve a link to the backup ZIP file, potentially exposing sensitive data. This issue was fixed in version 4.0.17. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading phpMyFAQ to version 4.0.17 or later, where the authorization checks for the `/api/setup/backup` endpoint have been properly implemented. Additionally, ensure that the API is disabled if not needed, and verify that backup ZIP files are not publicly accessible via the web server to prevent exposure of sensitive data. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows low-privileged authenticated users to trigger configuration backups and obtain links to ZIP files that may contain sensitive data. If these backups are exposed due to server misconfiguration, confidential information could be accessed improperly. This exposure of sensitive data could lead to non-compliance with data protection regulations such as GDPR or HIPAA, which require strict controls over access to sensitive information and proper authorization mechanisms. Therefore, this vulnerability poses a risk to compliance with such standards by potentially enabling unauthorized data disclosure. [1]