{"uuid": "16b7ccd8-cb87-4099-9ecd-fb11e46ebf87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48488", "type": "seen", "source": "https://gist.github.com/alon710/e0871f429bd0cd1c539be9054ab3870b", "content": "# CVE-2026-48488: Weak Cryptographic Hash (SHA-1) Usage for Attachment Encryption Keys in phpMyFAQ\n\n> **CVSS Score:** 2.7\n> **Published:** 2026-06-23\n> **Full Report:** https://cvereports.com/reports/CVE-2026-48488\n\n## Summary\nPrior to version 4.1.4, phpMyFAQ used the cryptographically broken SHA-1 algorithm to hash custom attachment encryption keys stored in the database. Attackers with database access can recover these plaintext keys through offline brute-force attacks and subsequently decrypt sensitive file attachments.\n\n## TL;DR\nphpMyFAQ stored SHA-1 hashes of custom attachment encryption keys in the database. Attackers gaining database read access can rapidly crack these hashes offline to decrypt sensitive attachments.\n\n## Technical Details\n\n- **CWE ID**: CWE-328 (Use of Weak Hash)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 2.7 (Low)\n- **EPSS Score**: 0.00182\n- **Impact**: Low (Confidentiality compromise of encrypted attachments)\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- phpMyFAQ\n- **phpMyFAQ**: < 4.1.4 (Fixed in: `4.1.4`)\n\n## Mitigation\n\n- Upgrade phpMyFAQ to version 4.1.4 or higher\n- Manually sanitize historical SHA-1 hashes from the database\n- Rotate attachment encryption keys if a database breach has occurred\n\n**Remediation Steps:**\n1. Upgrade the phpMyFAQ application code to version 4.1.4 or later\n2. Run the SQL command to clear legacy columns: `UPDATE faqattachment SET password_hash = NULL;`\n3. Audit database read access logs to ensure no unauthorized access has occurred\n\n## References\n\n- [GHSA-58fg-62fg-3fcj: Weak Cryptography in phpMyFAQ Attachment Keys](https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-58fg-62fg-3fcj)\n- [Fix Commit: Remove password hashing and password property from Attachment](https://github.com/thorsten/phpMyFAQ/commit/1aa9be6f8a2fa5c527c983826205229fc3129718)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48488) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T06:12:05.000000Z"}