CNNVD-202601-4256 Information

CNNVD ID

CNNVD-202601-4256

Related CVE

CVE-2026-24421

• CNNVD Published: 2026-01-24

Description (Chinese)

phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 4.0.16及之前版本存在安全漏洞，该漏洞源于授权逻辑缺陷，可能导致非管理员用户触发配置备份并获取其路径。

Description (English)

phpMyFAQ is a multilingual, database-driven, common-question answer system for Thorsten Rinne personal developers. phpMyFAQ 4.0.16 and previous versions have a security loophole, which stems from a logical defect in the delegation of authority, which may result in non-administrator users triggering configuration backup and accessing their path.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-24

Last Modified

2026-02-24

References

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g https://access.redhat.com/security/cve/cve-2026-24421

Patch

https://www.phpmyfaq.de/download/