Authenticated Path Traversal in phpMyFAQ Product by phpMyFAQ
CVE-2026-57961
5.1MEDIUM
What is CVE-2026-57961?
phpMyFAQ prior to version 4.1.5 contains a security vulnerability within the concatenatePaths() function in src/phpMyFAQ/Export/Pdf/Wrapper.php. Users with editing privileges can exploit this flaw by embedding crafted HTML with specific image paths, which are processed during PDF creation. The underlying path resolution mechanism fails to properly handle cases where expected content is not found, allowing the attacker to manipulate file paths. Consequently, this results in file_get_contents() being able to read files outside of the designated content directory, potentially exposing sensitive data.
Affected Version(s)
phpMyFAQ 0 < 4.1.5
phpMyFAQ 4.1.5
