PT-2023-17315 · Thorsten · Phpmyfaq

Published 2023-04-05 · Updated 2023-04-12 · CVE-2023-1887

CVSS v3.1: 8.3 (Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

Name of the Vulnerable Software and Affected Versions:

thorsten/phpmyfaq versions prior to 3.1.12

Description:

The issue is a business logic (authorization) error in the thorsten/phpmyfaq GitHub repository: users holding only edit permissions could add and delete categories and add FAQs, actions their limited permissions should not allow. This has been fixed in version 3.1.12.

Recommendations:

For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround until the update is applied, limit which accounts are granted edit-only permissions, since on unpatched versions those accounts can manage categories and FAQs.

Related Identifiers

CVE-2023-1887
GHSA-GX43-FQRX-6FCW

Affected Products

Phpmyfaq