Skip to main content

phpMyFAQ CVE-2026-56396

| EUVDEUVD-2026-38162 HIGH
Missing Authorization (CWE-862)
2026-06-21 VulnCheck GHSA-q82q-6rfm-h9vp
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable web endpoint (AV:N), no special conditions (AC:L), requires an authenticated admin with edit_user (PR:L), no victim interaction (UI:N); full app takeover gives C/I/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 22, 2026 - 07:50 vuln.today
Patch available
Jun 21, 2026 - 15:31 EUVD

DescriptionCVE.org

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access.

AnalysisAI

Privilege escalation in phpMyFAQ before 4.1.4 allows authenticated non-SuperAdmin users holding the edit_user permission to promote themselves to SuperAdmin via missing authorization checks in the editUser() and updateUserRights() endpoints. The flaw lets a low-tier administrator set the is_superadmin flag or grant arbitrary rights, fully compromising the FAQ application; publicly available exploit code exists is not asserted, and at time of analysis no public exploit identified at time of analysis.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-tier admin with edit_user rights
Delivery
Locate editUser/updateUserRights endpoint
Exploit
Submit request setting is_superadmin or full rights mask
Execution
Backend skips authorization check and persists change
Persist
Re-authenticate or reload session with SuperAdmin role
Impact
Full takeover of phpMyFAQ instance and content

Vulnerability AssessmentAI

Exploitation Attacker must already hold an authenticated phpMyFAQ administrator session that has been granted the edit_user permission (a non-SuperAdmin delegated user-management role); they then invoke the editUser() or updateUserRights() endpoints with crafted parameters setting is_superadmin or arbitrary rights. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H yields 8.7, accurately reflecting network-reachable, low-complexity exploitation by an already-authenticated low-privilege admin user. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A staff member granted only the edit_user permission to handle routine account maintenance logs into the phpMyFAQ admin panel and issues an authenticated request to updateUserRights() (or editUser()) that toggles is_superadmin=1 on their own account or grants themselves a full rights mask. On the next request they have SuperAdmin access and can read or alter every FAQ entry, attachment, configuration value, and user record. …
Remediation Vendor-released patch: phpMyFAQ 4.1.4 - upgrade immediately per the GitHub Security Advisory at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-985r-q3qp-299h. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all phpMyFAQ SuperAdmin accounts and review user permission modification logs for unauthorized privilege changes; no public exploit identified at time of analysis, but this vulnerability affects authenticated administrators with user-management permissions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-5865 CRITICAL POC
9.8 Oct 31

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated critical severity (CVSS 9.8

CVE-2023-1886 CRITICAL POC
9.8 Apr 05

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity

CVE-2023-1753 CRITICAL POC
9.8 Mar 31

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), t

CVE-2022-3754 CRITICAL POC
9.8 Oct 29

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated critical severity (CVSS 9.8), th

CVE-2026-46364 CRITICAL POC
9.3 May 15

Unauthenticated SQL injection in phpMyFAQ before 4.1.2 allows remote attackers to extract credentials, admin tokens, and

CVE-2017-15730 HIGH POC
8.8 Oct 22

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. Rated high severity (CVS

CVE-2017-15808 HIGH POC
8.8 Oct 23

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2017-15735 HIGH POC
8.8 Oct 22

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. Rated high severity (CVSS

CVE-2017-15734 HIGH POC
8.8 Oct 22

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. Rated high severity (CVSS 8

CVE-2024-28107 HIGH POC
8.8 Mar 25

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severi

CVE-2024-27299 HIGH POC
8.8 Mar 25

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severi

CVE-2023-1762 HIGH POC
8.8 Mar 31

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated high severity (CVSS 8.8), th

Share

CVE-2026-56396 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy