Weak Password Recovery Mechanism for Forgotten Password in phpMyFAQ - #VU131754
Published: May 18, 2026
phpMyFAQ
Detailed vulnerability description
The vulnerability allows a remote attacker to take over arbitrary user accounts.
The vulnerability exists due to a weak password recovery mechanism in the /api/user/password/update endpoint when handling password reset requests. A remote attacker who knows a valid username and its associated email address can send a specially crafted PUT request to the endpoint and take over that account; no proof of account ownership beyond these two values is required.
The issue can be exploited against administrative accounts, including SuperAdmin accounts, and requires no user interaction.
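The following is an added illustration of the weakness class described above, not phpMyFAQ's code and not an exploit for this advisory. It contrasts a reset handler that trusts only a username and email address (both usually discoverable, so an attacker can set the password) with the usual hardened two-step flow: a random single-use token, stored hashed with an expiry, is delivered out of band, and only the token holder can set a new password. The class names, the `run_scenarios` helper and the sample `admin` user are assumptions made for the demonstration; the SHA-256 password hashing is a stand-in for a real KDF such as Argon2id or bcrypt.

```python
"""Weak versus token-based password reset (illustrative, not phpMyFAQ code)."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class User:
    username: str
    email: str
    password_hash: str


def hash_password(password: str) -> str:
    # Demo only: a production system uses a slow KDF (argon2id / bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


class WeakResetService:
    """Weak pattern: the password is replaced as soon as the caller supplies a
    matching username and email address. Both are public-ish values, so anyone
    who knows them takes over the account without touching the owner's mailbox."""

    def __init__(self, users: List[User]):
        self.users = {u.username: u for u in users}

    def update_password(self, username: str, email: str, new_password: str) -> bool:
        user = self.users.get(username)
        if user is None or user.email != email:
            return False
        user.password_hash = hash_password(new_password)  # no proof of ownership
        return True


class TokenResetService:
    """Hardened pattern: a random, single-use, expiring token proves that the
    requester controls the mailbox on file before any password is changed."""

    TOKEN_TTL = 900  # seconds a reset token stays valid

    def __init__(self, users: List[User], now: Callable[[], float] = time.time):
        self.users = {u.username: u for u in users}
        self.now = now
        self._pending: Dict[str, Tuple[str, float]] = {}  # sha256(token) -> (username, expires_at)

    def request_reset(self, username: str, email: str) -> Optional[str]:
        """Step 1: issue a token that is delivered out of band (the owner's email).
        It is returned here only so the demo can play the role of the mailbox;
        a real HTTP handler responds identically whether or not the user exists."""
        user = self.users.get(username)
        if user is None or user.email != email:
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
        self._pending[key] = (username, self.now() + self.TOKEN_TTL)
        return token

    def complete_reset(self, token: str, new_password: str) -> bool:
        """Step 2: only an unexpired, unused token can set the new password."""
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(key, None)  # pop makes the token single-use
        if entry is None:
            return False
        username, expires_at = entry
        if self.now() > expires_at:
            return False
        self.users[username].password_hash = hash_password(new_password)
        return True


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenario: the attacker knows the target's username and email."""
    clock = [1_000_000.0]  # controllable clock so expiry can be exercised
    results: Dict[str, bool] = {}

    weak = WeakResetService([User("admin", "admin@example.org", hash_password("original"))])
    results["weak_takeover"] = weak.update_password("admin", "admin@example.org", "attacker-chosen")
    results["weak_login_as_attacker"] = weak.users["admin"].password_hash == hash_password("attacker-chosen")

    svc = TokenResetService([User("admin", "admin@example.org", hash_password("original"))],
                            now=lambda: clock[0])
    results["guess_rejected"] = svc.complete_reset("not-the-real-token", "attacker-chosen")
    token = svc.request_reset("admin", "admin@example.org")  # lands in the owner's mailbox
    results["token_issued"] = token is not None
    results["owner_reset"] = svc.complete_reset(token, "owner-chosen")
    results["replay_rejected"] = svc.complete_reset(token, "attacker-chosen")
    stale = svc.request_reset("admin", "admin@example.org")
    clock[0] += TokenResetService.TOKEN_TTL + 1  # let the second token expire
    results["expired_rejected"] = svc.complete_reset(stale, "attacker-chosen")
    results["final_password_is_owner"] = svc.users["admin"].password_hash == hash_password("owner-chosen")
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

When auditing a reset endpoint, the check is the one the weak class fails: trace the handler from the HTTP parameters to the password write and confirm that something an attacker cannot obtain from public data (a random token tied to the account, delivered out of band, hashed at rest, single-use and time-limited) gates the write. Responding identically for unknown and known usernames in step 1 also avoids turning the endpoint into an account-enumeration oracle.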