CVE-2026-35671

Sažetak

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrite-password API request.

Reference

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3
https://www.vulncheck.com/advisories/phpmyfaq-insecure-direct-object-reference-in-user-password-api
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

30-05-2026 - 02:16

Objavljeno

28-05-2026 - 16:16