CVE-2026-48488
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
9th
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.
| CWE | CWE-328 |
| Vendor | thorsten |
| Product | phpmyfaq |
| Published | Jun 8, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for thorsten phpmyfaq
Be the first to know when new unknown vulnerabilities affecting thorsten phpmyfaq are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
thorsten / phpMyFAQ
< 4.1.4