thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
High severity
GitHub Reviewed
Published
Mar 31, 2023
to the GitHub Advisory Database
•
Updated Apr 7, 2023
Description
Published by the National Vulnerability Database
Mar 31, 2023
Published to the GitHub Advisory Database
Mar 31, 2023
Reviewed
Apr 7, 2023
Last updated
Apr 7, 2023
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to privilege escalation from improper privilege management. Any user with the ability to add a new user can create a user with super admin rights. This has been fixed in 3.1.12.
References