phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NPhpmyfaq
APPPhpmyfaq4.1.0< 4.0.16
Related vulnerabilities
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1....
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.