phpMyFAQ duplicate email registration allows multiple accounts with the same...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Basic Information

ID CVE-2025-59943

Source GitHub_M

Published Oct 3, 2025 at 20:06

Affected Product

Vendor thorsten

Product phpMyFAQ

Version >= 4.0.7, < 4.0.13

Affected Versions thorsten phpMyFAQ >= 4.0.7, < 4.0.13

CWE Classification

CWE-286 CWE-284

References

{
    "lastseen": "",
    "description": "phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.",
    "published": "2025-10-03T20:06:09.404Z",
    "modified": "2025-10-03T20:06:09.404Z",
    "type": "cve",
    "title": "phpMyFAQ duplicate email registration allows multiple accounts with the same email",
    "source": "GitHub_M",
    "references": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74j\nhttps://github.com/thorsten/phpMyFAQ/commit/44cd20f86eb041f39d1c30a9beefad1cc61dc0ec",
    "id": "CVE-2025-59943",
    "bulletinFamily": "",
    "cwe": [
        "CWE-286",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "thorsten phpMyFAQ >= 4.0.7, < 4.0.13",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "phpMyFAQ",
    "version": ">= 4.0.7, < 4.0.13",
    "vendor": "thorsten",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

phpMyFAQ duplicate email registration allows multiple accounts with the same email_CVE-2025-59943