High severity · NVD Advisory · Published Oct 3, 2025 · Updated Oct 3, 2025
phpMyFAQ duplicate email registration allows multiple accounts with the same email
CVE-2025-59943
Description
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.
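As an added illustration (not phpMyFAQ's code and not the upstream patch), the sketch below audits a user table for addresses shared by several accounts and then enforces uniqueness with a database index, so that a registration racing past an application-level check is still rejected. The `users` table, its columns and all function names are hypothetical, and the sample accounts are constructed.

```python
import sqlite3

def open_db() -> sqlite3.Connection:
    """In-memory database with a hypothetical user table (not phpMyFAQ's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
               " login TEXT UNIQUE NOT NULL, email TEXT NOT NULL)")
    return db

def register(db: sqlite3.Connection, login: str, email: str) -> bool:
    """Create an account; return False if the database rejects it as a duplicate."""
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO users (login, email) VALUES (?, ?)",
                       (login, email.strip()))
        return True
    except sqlite3.IntegrityError:
        return False

def find_duplicate_emails(db: sqlite3.Connection) -> dict[str, list[str]]:
    """Audit: map each address used by more than one account to its logins."""
    groups: dict[str, list[str]] = {}
    for login, email in db.execute("SELECT login, email FROM users ORDER BY id"):
        groups.setdefault(email.strip().lower(), []).append(login)
    return {addr: logins for addr, logins in groups.items() if len(logins) > 1}

def enforce_unique_email(db: sqlite3.Connection) -> None:
    """Case-insensitive unique index; raises IntegrityError while duplicates remain."""
    # SQLite's lower() folds ASCII only, which is enough for this sample data.
    db.execute("CREATE UNIQUE INDEX users_email_uq ON users (lower(email))")

if __name__ == "__main__":
    # Constructed sample accounts.
    before = open_db()  # no uniqueness rule
    register(before, "alice", "alice@example.test")
    register(before, "mallory", "Alice@Example.test")
    print("shared addresses:", find_duplicate_emails(before))

    after = open_db()
    enforce_unique_email(after)
    print(register(after, "alice", "alice@example.test"))    # True
    print(register(after, "mallory", "Alice@Example.test"))  # False
```

Running the audit before adding the index matters on an upgraded installation, because accounts that already share an address are not removed by patching.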
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| thorsten/phpmyfaq (Packagist) | >= 4.0.7, < 4.0.13 | 4.0.13 |
References
- github.com/advisories/GHSA-9wj2-4hcm-r74j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-59943 (ghsa, ADVISORY)
- github.com/thorsten/phpMyFAQ/commit/44cd20f86eb041f39d1c30a9beefad1cc61dc0ec (ghsa, x_refsource_MISC, WEB)
- github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74j (ghsa, x_refsource_CONFIRM, WEB)