logo

Database

Excessive privileges In thorsten/phpmyfaq

Description

thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management thorsten/phpmyfaq prior to 3.1.12 is vulnerable to privilege escalation from improper privilege management. Any user with the ability to add a new user can create a user with super admin rights. This has been fixed in 3.1.12.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-17622. NVD-2023-17623. OSV-2023-17624. GCVE-2023-1762

References

1. https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f8915142. https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.