phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass | Advisories

Advisories

phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass

severity: high
date: 5/15/2026
Affecting: phpmyfaq >= 0, < 4.1.2
CVE: CVE-2026-46366
CWE: CWE-863 Incorrect Authorization
CVSS: 7.5
References: GHSA Advisory GHSA-99qv-g4x9-mgc3
Credit: adrgs, aisafe-bot
Description: phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo