PT-2025-47176 · Phpmyfaq · Phpmyfaq

Published 2025-11-17 · Updated 2026-01-05 · CVE-2025-62519

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

phpMyFAQ versions prior to 4.0.14

Description

phpMyFAQ is an open source FAQ web application. A privileged user with 'Configuration Edit' permissions can execute arbitrary SQL commands due to an authenticated SQL injection flaw in the main configuration update functionality. Successful exploitation could lead to a full compromise of the database, including the ability to read, modify, or delete all data, and potentially enable remote code execution depending on the database configuration.

Recommendations

Update phpMyFAQ to version 4.0.14 or later.

Exploit · Fix · RCE · SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-62519
GHSA-FXM2-CMWJ-QVX4

Affected Products

Phpmyfaq