logo

Database

Security controls bypass or absence In thorsten/phpmyfaq

Description

thorsten/phpmyfaq vulnerable to authentication bypass thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-18862. NVD-2023-18863. OSV-2023-18864. GCVE-2023-1886

References

1. https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a2. https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.