High severity · NVD Advisory · Published Oct 3, 2025 · Updated Oct 3, 2025
phpMyFAQ duplicate email registration allows multiple accounts with the same email
CVE-2025-59943
Description
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| thorsten/phpmyfaq (Packagist) | >= 4.0.7, < 4.0.13 | 4.0.13 |
References
- github.com/advisories/GHSA-9wj2-4hcm-r74j (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-59943 (ghsa; ADVISORY)
- github.com/thorsten/phpMyFAQ/commit/44cd20f86eb041f39d1c30a9beefad1cc61dc0ec (ghsa; x_refsource_MISC; WEB)
- github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74j (ghsa; x_refsource_CONFIRM; WEB)