PT-2023-17315 · Thorsten · Phpmyfaq

Published: 2023-04-05 · Updated: 2023-04-12 · CVE-2023-1887

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12

Description: The issue concerns business logic errors in the thorsten/phpmyfaq GitHub repository. Specifically, users with edit-only permissions could add and delete categories and add FAQs, despite their limited permissions. This has been fixed in version 3.1.12.

Recommendations: For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround, consider restricting edit-only permissions to prevent unauthorized category and FAQ management until the update is applied.

Related Identifiers

CVE-2023-1887
GHSA-GX43-FQRX-6FCW

Affected Products

Phpmyfaq