CVE-2025-69200 Scanner
CVE-2025-69200 Scanner - Information Disclosure vulnerability in phpMyFAQ
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 13 hours
Scan only one: Domain, Subdomain, IPv4
phpMyFAQ is a widely used open-source FAQ software implemented in PHP. It is commonly used by organizations and communities to effectively manage and answer frequently asked questions. Users ranging from individual site owners to large enterprises install phpMyFAQ to improve customer support and knowledge management. This software allows for the creation, organization, and maintenance of a FAQ section on websites, reducing the workload on support teams. By providing self-serve information to users, phpMyFAQ streamlines customer service processes. The platform is designed to be extensible with plugins and can be integrated into existing web platforms.
The information disclosure vulnerability in phpMyFAQ allows unauthenticated users to generate and download configuration backup ZIP files. The cause is improper access control: the backup generation function is not adequately restricted. An attacker can use it to obtain sensitive configuration files stored on the system, which often contain sensitive data, including database credentials. Any potentially exposed installation is affected, and the issue requires immediate remediation to prevent unauthorized access and data breaches.
The vulnerability is located in the setup process of phpMyFAQ versions 4.0.16 and older. The vulnerable endpoint is reached with a POST request to '/api/setup/backup' and requires no authentication. A request to it triggers the generation of a backup file in ZIP format. The root cause is a lack of proper authentication checks and improper handling of backup requests. Because the JSON response includes a direct reference to the backup file, the requester can then download the file freely and read its contents.
If exploited, the vulnerability can lead to severe security breaches. Attackers may gain unauthorized access to the database credentials stored in the configuration files, which could allow them to manipulate the database, steal data, or escalate privileges within the application. They could also disrupt application functionality or exploit further vulnerabilities in the system. The end result may be data theft, loss of service, or misuse of application resources, and such a compromise can enable subsequent unauthorized actions across interconnected systems.
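A log check for the request pattern described above, as an added example that is not part of the original page or of phpMyFAQ: it flags POSTs to '/api/setup/backup' in a web server access log and attaches any ZIP download made by the same client shortly afterwards. The combined log format, the sample lines, the ten-minute window and the ZIP path are assumptions; the page does not say where the backup file is served from.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access log (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2026:10:15:01 +0000] "POST /api/setup/backup HTTP/1.1" 200 148 "-" "curl/8.5.0"
203.0.113.7 - - [12/Jan/2026:10:15:03 +0000] "GET /placeholder/backup.zip HTTP/1.1" 200 20480 "-" "curl/8.5.0"
198.51.100.4 - - [12/Jan/2026:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jan/2026:10:17:30 +0000] "POST /api/setup/backup HTTP/1.1" 401 64 "-" "python-requests/2.32"
192.0.2.55 - - [12/Jan/2026:11:00:00 +0000] "GET /downloads/manual.zip HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "/api/setup/backup"  # endpoint named on this page


def find_backup_requests(log_text, window=timedelta(minutes=10)):
    """Return one finding per POST to the backup endpoint, with any ZIP
    download by the same client inside `window` attached to it."""
    findings, last_success = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a combined-format line
        client, ts, method, target, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Normalise: drop query string and trailing slash, ignore case.
        path = target.split("?", 1)[0].rstrip("/").lower()
        ok = status.startswith("2")
        if method == "POST" and path == ENDPOINT:
            finding = {"client": client, "time": when, "status": int(status),
                       "served": ok, "downloads": []}
            findings.append(finding)
            if ok:  # a 2xx means the server answered the backup request
                last_success[client] = finding
        elif method == "GET" and ok and path.endswith(".zip"):
            prior = last_success.get(client)
            if prior and timedelta(0) <= when - prior["time"] <= window:
                prior["downloads"].append(target)
    return findings


if __name__ == "__main__":
    for f in find_backup_requests(SAMPLE_LOG):
        level = "CRITICAL" if f["downloads"] else ("HIGH" if f["served"] else "INFO")
        print(level, f["client"], f["time"].isoformat(), f["status"], f["downloads"])
```

A finding with `served` true means the configuration backup should be treated as exposed and the database credentials rotated, whether or not a matching download appears in the log.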