GHSA-xww4-w6ff-5q3g

Source

https://github.com/advisories/GHSA-xww4-w6ff-5q3g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-xww4-w6ff-5q3g/GHSA-xww4-w6ff-5q3g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xww4-w6ff-5q3g

Aliases

CVE-2023-1762

Published

2023-03-31T03:30:30Z

Modified

2023-11-08T04:11:19.691093Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management

Details

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to privilege escalation from improper privilege management. Any user with the ability to add a new user can create a user with super admin rights. This has been fixed in 3.1.12.

Database specific

{
    "nvd_published_at": "2023-03-31T02:15:00Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-269"
    ],
    "github_reviewed_at": "2023-04-07T15:15:02Z",
    "github_reviewed": true
}

References

Affected packages

Packagist / thorsten/phpmyfaq

Package

Name: thorsten/phpmyfaq
Purl: pkg:composer/thorsten/phpmyfaq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.12

Affected versions

2.*

2.8.0-alpha2

2.8.0-alpha3

2.8.0-beta

2.8.0-beta2

2.8.0-beta3

2.8.0-RC

2.8.0-RC2

2.8.0-RC3

2.8.0-RC4

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.8.15

2.8.16

2.8.17

2.8.18

2.8.19

2.8.20

2.8.21

2.8.22

2.8.23

2.8.24

2.8.25

2.8.26

2.8.27

2.8.28

2.8.29

2.9.0-alpha

2.9.0-alpha2

2.9.0-alpha3

2.9.0-alpha4

2.9.0-beta

2.9.0-beta2

2.9.0-rc

2.9.0-rc2

2.9.0-rc3

2.9.0-rc4

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

2.9.10

2.9.11

2.9.12

2.9.13

2.10.0-alpha

3.*

3.0.0-alpha

3.0.0-alpha.2

3.0.0-alpha.3

3.0.0-alpha.4

3.0.0-beta

3.0.0-beta.2

3.0.0-beta.3

3.0.0-RC

3.0.0-RC.2

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.1.0-alpha

3.1.0-alpha.2

3.1.0-alpha.3

3.1.0-beta

3.1.0-RC

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

3.1.11