PT-2023-17311 · Unknown · Thorsten/Phpmyfaq

Published: 2023-04-05 · Updated: 2023-09-02 · CVE-2023-1883

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12

Description: Improper access control in the thorsten/phpmyfaq GitHub repository. When FAQ News is marked as inactive in settings and comments are enabled, comments can still be posted on inactive FAQs.

Recommendations: Update to version 3.1.12 to resolve the issue. As a temporary workaround, consider disabling comments on inactive FAQs until the update is applied.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2023-1883
GHSA-2WJP-W7G7-H63Q

Affected Products

Thorsten/Phpmyfaq