PT-2025-53730 · Phpmyfaq · Phpmyfaq

Eclipse07077-Ljw · Published 2025-12-29 · Updated 2026-02-10 · CVE-2025-69200

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

phpMyFAQ versions prior to 4.0.16

Description

An unauthenticated remote attacker can trigger the generation of a configuration backup ZIP file via the /api/setup/backup API endpoint. The generated ZIP file, accessible via the web, contains sensitive configuration files such as database.php, which includes database credentials. This leads to information disclosure and potential compromise. The vulnerable parameter is not specified.

Recommendations

Update to version 4.0.16 or later.
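
A log check for the behaviour in the Description, as an added example that is not part of the original advisory or of phpMyFAQ: it flags clients that receive a 2xx response from /api/setup/backup and then download a .zip file shortly afterwards. The combined log format, the 10-minute window, the HTTP method and the file names in the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format fields used here: client ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
BACKUP_ENDPOINT = "/api/setup/backup"   # endpoint named in the advisory
WINDOW = timedelta(minutes=10)          # assumed correlation window

# Constructed sample lines: documentation IP ranges, invented method and file names.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Dec/2025:10:00:01 +0000] "POST /api/setup/backup HTTP/1.1" 200 64 "-" "curl/8.5.0"
198.51.100.7 - - [30/Dec/2025:10:00:03 +0000] "GET /example-backup.zip HTTP/1.1" 200 18234 "-" "curl/8.5.0"
203.0.113.9 - - [30/Dec/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Dec/2025:10:06:00 +0000] "GET /downloads/manual.zip HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [30/Dec/2025:11:00:00 +0000] "POST /api/setup/backup HTTP/1.1" 401 12 "-" "curl/8.5.0"
"""

def find_backup_exposure(log_text):
    """Return (ip, backup_time, zip_path) for each ZIP fetched after a backup call."""
    last_backup = {}   # client ip -> time of its last 2xx backup request
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]          # ignore the query string
        ok = m["status"].startswith("2")
        if path.rstrip("/").endswith(BACKUP_ENDPOINT) and ok:
            last_backup[m["ip"]] = ts
        elif path.lower().endswith(".zip") and ok:
            started = last_backup.get(m["ip"])
            if started and timedelta(0) <= ts - started <= WINDOW:
                findings.append((m["ip"], started.isoformat(), path))
    return findings

if __name__ == "__main__":
    for ip, when, path in find_backup_exposure(SAMPLE_LOG):
        print(f"{ip} triggered backup at {when} then fetched {path}")
```

Correlating by client IP is a simplification: a requester that uses different addresses for the two requests is not matched, so any 2xx response on the endpoint from outside the administrators' address range deserves review on its own.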

Related Identifiers

CVE-2025-69200
GHSA-9CG9-4H4F-J6FG

Affected Products

Phpmyfaq