CNNVD-202601-4253 Information

CNNVD ID

CNNVD-202601-4253

Related CVE

CVE-2026-24422

• CNNVD Published: 2026-01-24

Description (Chinese)

phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 4.0.16及之前版本存在信息泄露漏洞，该漏洞源于访问控制不足，导致多个公共API端点暴露敏感用户信息，可能被用于钓鱼攻击或访问私有内容。

Description (English)

phpMyFAQ is a multilingual, database-driven, common-question answer system for Thorsten Rinne personal developers. phpMyFAQ 4.0.16 and previous versions have information leaks, which stem from inadequate access controls, leading to the exposure of sensitive user information to multiple public API endpoints, which may be used for fishing attacks or access to private content.

Hazard Level

High

Vulnerability Type

信息泄露

Affected Vendor

个人开发者

Published

2026-01-24

Last Modified

2026-02-24

References

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc https://access.redhat.com/security/cve/cve-2026-24422

Patch

https://www.phpmyfaq.de/download/