CVE-2023-1762

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions thorsten/phpmyfaq versions prior to 3.1.12

Description The issue concerns improper privilege management, allowing any user who can add a new user to create a user with super admin rights. This has been fixed in version 3.1.12.

Recommendations For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround, consider restricting the ability to add new users to prevent potential privilege escalation.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2023-1762

GHSA-XWW4-W6FF-5Q3G

Affected Products

Thorsten/Phpmyfaq

CVE-2023-1762

Weakness Enumeration

Related Identifiers

Affected Products

References · 8