CVE-2026-48488

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 2,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.

328

Use of Weak Hash

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

Technologies: ICS/OT

View CWE Details

https://github.com/thorsten/phpMyFAQ/commit/1aa9be6f8a2fa5c…

https://github.com/thorsten/phpMyFAQ/commit/1aa9be6f8a2fa5c527c983826205229fc31…

https://github.com/thorsten/phpMyFAQ/security/advisories/GH…

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-58fg-62fg-3fcj

CVE-2026-48488

Description

Use of Weak Hash

Common Consequences

Applicable Platforms

Iscriviti alla newsletter