PT-2026-41354 · Phpmyfaq · Phpmyfaq

·

CVE-2026-45007

·

Published

2026-05-06

·

Updated

2026-05-15

CVSS v4.0

5.3

Medium

VectorAV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2
Description Missing permission checks in ConfigurationTabController.php allow any authenticated user to enumerate system configuration metadata, violating least privilege access control. Twelve endpoints under the /admin/api/configuration path incorrectly use the userIsAuthenticated() function, which only verifies if a user is logged in, instead of the userHasPermission(CONFIGURATION EDIT) function, which verifies specific administrative privileges.
This allows users without administrative rights to discover sensitive infrastructure details through the following endpoints:
  • /configuration/translations
  • /configuration/templates
  • /configuration/faqs-sorting-key/{current}
  • /configuration/faqs-sorting-order/{current}
  • /configuration/faqs-sorting-popular/{current}
  • /configuration/perm-level/{current}
  • /configuration/release-environment/{current}
  • /configuration/search-relevance/{current}
  • /configuration/seo-metatags/{current}
  • /configuration/translation-provider/{current}
  • /configuration/mail-provider/{current}
  • /configuration/cache-adapter/{current}
Exposed information includes the permission model, active templates, cache backend (such as redis or memcached), mail provider, translation service, and whether the environment is set to development or production.
Recommendations Update to version 4.1.2 or later. As a temporary workaround, restrict access to the /admin/api/configuration endpoints to only trusted administrative users at the network or server level.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45007
GHSA-P26V-FX3X-R2RP
GHSA-RM98-82FR-MCFX

Affected Products

Phpmyfaq