Security Advisory 2025-10-03
Duplicate email registration allows multiple accounts with the same email in phpMyFAQ
- Issued on: 2025-10-03
- Software: phpMyFAQ <= 4.0.12
- Risk: High
- Platforms: all
The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 4.0.12 and
earlier. Duplicate email registration allows multiple accounts to be created with the same email address.
Description
Due to insufficient validation of email addresses during the user registration process,
it is possible to register multiple user accounts using the same email address.
This vulnerability can lead to confusion in user management, potential unauthorized access to user-specific features,
and complications in password recovery processes.
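An added illustration of the flaw class described above, not phpMyFAQ's code or schema: a hypothetical `users` table in in-memory SQLite, with an audit for accounts that already share an address and a unique index that rejects new duplicates. The table, the function names and the trim/lowercase comparison are assumptions.

```python
import sqlite3

def normalize(email):
    # Assumption: addresses are compared trimmed and case-insensitively.
    return email.strip().lower()

def open_db():
    # Hypothetical one-table schema for illustration, not phpMyFAQ's own.
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
               " login TEXT UNIQUE, email TEXT)")
    return db

def register_unchecked(db, login, email):
    # Flawed pattern: the login is unique, the email is never checked.
    db.execute("INSERT INTO users (login, email) VALUES (?, ?)", (login, email))

def find_duplicate_emails(db):
    # Audit for accounts created before the fix: email -> logins sharing it.
    groups = {}
    for login, email in db.execute("SELECT login, email FROM users ORDER BY id"):
        groups.setdefault(normalize(email), []).append(login)
    return {addr: logins for addr, logins in groups.items() if len(logins) > 1}

def enforce_unique_email(db):
    # Database backstop; raises sqlite3.IntegrityError while duplicates remain.
    db.execute("CREATE UNIQUE INDEX users_email_uq ON users (lower(trim(email)))")

def register_checked(db, login, email):
    # Hardened pattern: the unique index rejects a second account atomically,
    # so two concurrent registrations cannot both pass a SELECT-then-INSERT check.
    try:
        db.execute("INSERT INTO users (login, email) VALUES (?, ?)", (login, email))
        return True
    except sqlite3.IntegrityError:
        return False

if __name__ == "__main__":
    db = open_db()
    # Constructed sample accounts.
    register_unchecked(db, "alice", "user@example.test")
    register_unchecked(db, "alice2", " User@Example.test ")
    register_unchecked(db, "bob", "bob@example.test")
    print(find_duplicate_emails(db))
```

Duplicates found by the audit have to be merged or removed before the unique index can be created.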
Solution
The phpMyFAQ Team has released the new phpMyFAQ version 4.0.13, which fixes the vulnerability. All
users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
There's no workaround except installing phpMyFAQ 4.0.13.
Thanks
The phpMyFAQ team would like to thank halas98 for the
responsible disclosure of this vulnerability.