=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN668
_____________________________________________________________________

DATE                : 07/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running phpMyFAQ versions prior to
                                     4.0.12.

=====================================================================
https://www.phpmyfaq.de/security/advisory-2025-10-03
_____________________________________________________________________

Security Advisory 2025-10-03
Duplicate email registration allows multiple accounts with the same
email in phpMyFAQ

Issued on:
    2025-10-03 
Software:
    phpMyFAQ <= 4.0.12 
Risk:
    High 
Platforms:
    all 

The phpMyFAQ Team has learned of a security issue that has been
discovered in phpMyFAQ 4.0.12 and earlier. Duplicate email
registration allows multiple accounts to be created with the same
email address in phpMyFAQ.


Description

Due to insufficient validation of email addresses during the user
registration process, it is possible to register multiple user
accounts using the same email address. This vulnerability can
lead to confusion in user management, potential unauthorized
access to user-specific features, and complications in password
recovery processes.
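
To check whether an installation already holds accounts that share an
address, the audit below groups an exported user list by normalized
email. It is an added example, not code from phpMyFAQ or from this
advisory; the CSV layout (user_id, login, email), the sample rows and
the "lowest id is the original" rule are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are assumptions for this example,
# not phpMyFAQ's real schema; adapt them to the export you actually have.
SAMPLE_EXPORT = """user_id,login,email
1,admin,admin@example.org
2,alice,alice@example.org
3,alice2,Alice@Example.org
4,bob,bob@example.org
5,mallory, alice@example.org
6,carol,
"""


def normalize_email(raw):
    """Trim whitespace and case-fold so trivially different spellings compare equal.

    Folding the local part is stricter than the mail RFCs require, which is the
    safe direction for an audit: it can only surface more candidates for review.
    """
    return raw.strip().casefold()


def find_duplicate_emails(export_text):
    """Return {normalized_email: [(user_id, login), ...]} for addresses used more than once."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        email = normalize_email(row.get("email") or "")
        if not email:
            continue  # accounts without an address cannot collide on it
        groups[email].append((int(row["user_id"]), row["login"]))
    return {e: sorted(accts) for e, accts in groups.items() if len(accts) > 1}


def report(duplicates):
    """One line per shared address; the lowest user_id is assumed to be the original."""
    lines = []
    for email, accounts in sorted(duplicates.items()):
        (first_id, first_login), *later = accounts
        extra = ", ".join(f"{uid} ({login})" for uid, login in later)
        lines.append(f"{email}: first id {first_id} ({first_login}); review {extra}")
    return lines


if __name__ == "__main__":
    for line in report(find_duplicate_emails(SAMPLE_EXPORT)):
        print(line)
```

Accounts listed after the first id are the ones to review before relying
on email-based password recovery for that address.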


Solution

The phpMyFAQ Team has released the new phpMyFAQ version 4.0.13,
which fixes the vulnerability. All users of affected phpMyFAQ
versions are encouraged to upgrade as soon as possible to this
latest version.


Workaround

There's no workaround except installing phpMyFAQ 4.0.13.


Thanks

The phpMyFAQ team would like to thank halas98 for the
responsible disclosure of this vulnerability.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
