PT-2025-40540 · Phpmyfaq · Phpmyfaq

Halas98 · Published 2025-10-03 · Updated 2025-10-09 · CVE-2025-59943

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 4.0-nightly-2025-10-03 and below

Description: phpMyFAQ does not enforce uniqueness of email addresses during user registration, so multiple distinct accounts can be created with the same email. Because email is commonly used as an identifier for password resets, notifications, and administrative actions, this causes account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. An attacker can register several accounts under the same email address, potentially resulting in data integrity loss, password reset ambiguity, and privilege escalation; an attacker who controls the shared email address may escalate privileges if one of the accounts registered under it has administrative privileges.

Recommendations: Update phpMyFAQ to version 4.0.13 or later.
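As an added illustration of the defect class described above (constructed example, not phpMyFAQ's own code): a registration table with no uniqueness rule on email, beside a hardened one that normalises the address, enforces uniqueness at the database level, and makes the password-reset lookup refuse ambiguous matches. The table layout and function names are assumptions.

```python
import sqlite3

# Constructed, self-contained model of the issue: with enforce_unique=False the
# schema mirrors the flaw (two accounts, one email); with enforce_unique=True the
# database itself rejects the second registration.

def normalise_email(email: str) -> str:
    # Case and surrounding whitespace must not turn one mailbox into "distinct" addresses.
    return email.strip().lower()

def open_db(enforce_unique: bool) -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    constraint = "UNIQUE" if enforce_unique else ""
    db.execute(
        f"CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE,"
        f" email TEXT {constraint} NOT NULL, is_admin INTEGER NOT NULL)"
    )
    return db

def register(db: sqlite3.Connection, login: str, email: str, is_admin: bool = False) -> bool:
    # Relying on the constraint instead of SELECT-then-INSERT also closes the race
    # where two concurrent registrations both pass an application-level pre-check.
    try:
        db.execute(
            "INSERT INTO users (login, email, is_admin) VALUES (?, ?, ?)",
            (login, normalise_email(email), int(is_admin)),
        )
        return True
    except sqlite3.IntegrityError:
        return False

def account_for_reset(db: sqlite3.Connection, email: str):
    # A reset flow must refuse to act when the address maps to more than one
    # account; silently taking the first row is how ambiguity becomes a takeover.
    rows = db.execute(
        "SELECT login, is_admin FROM users WHERE email = ?",
        (normalise_email(email),),
    ).fetchall()
    if len(rows) != 1:
        return None
    return rows[0]

def demo(enforce_unique: bool):
    # Returns (second registration accepted?, account resolved for reset).
    db = open_db(enforce_unique)
    register(db, "admin", "Ops@Example.test", is_admin=True)
    second = register(db, "newuser", "ops@example.test")  # same mailbox, different case
    return second, account_for_reset(db, "ops@example.test")
```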

Exploit

Fix

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-59943
GHSA-9WJ2-4HCM-R74J

Affected Products

Phpmyfaq