CVE-2026-48488
LowCVSS 2.7Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
phpMyFAQ is an open source FAQ web application. In versions prior to 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm vulnerable to collision attacks.
Risk Assessment
Using SHA-1 for password hashing exposes the organization to the risk of attackers conducting collision attacks, potentially leading to unauthorized access to attachments.
Recommendation
It is recommended to upgrade phpMyFAQ to version 4.1.4 or later to mitigate this vulnerability.
Original NVD description (English source)
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.

