Skip to main content

phpMyFAQ CVE-2026-57995

| EUVDEUVD-2026-40454 HIGH
Improper Privilege Management (CWE-269)
2026-06-30 VulnCheck GHSA-996g-x95h-p2f5
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Remotely reachable admin function (AV:N/AC:L), needs an existing GROUP_EDIT admin account so PR:L, no user interaction, and full app compromise gives C/I/A:H with unchanged scope.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 02:16 EUVD
Analysis Generated
Jun 30, 2026 - 23:20 vuln.today

DescriptionCVE.org

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-value permissions to a group they belong to, inheriting those rights and escalating privileges up to full administrative control.

AnalysisAI

Privilege escalation in phpMyFAQ before 4.1.5 lets a delegated administrator holding the GROUP_EDIT right elevate to full administrative control. Because GroupController::updatePermissions never verifies that the caller already possesses the permissions being assigned, a low-privileged admin can grant high-value rights to a group they belong to and inherit those rights. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as GROUP_EDIT delegated admin
Delivery
Open group permissions editor
Exploit
Submit updatePermissions assigning admin rights to own group
Execution
Server skips self-rights check
Persist
Inherit elevated rights via group membership
Impact
Full administrative control of phpMyFAQ

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated phpMyFAQ administrator who holds the GROUP_EDIT permission (PR:L) and is a member of, or can target, a group whose permissions they can edit; the attacker then assigns rights they do not themselves possess via the GroupController::updatePermissions handler. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N, VC/VI/VA:H, score 8.7) describes a network-exploitable, low-complexity attack requiring an existing low-privileged authenticated account (the GROUP_EDIT delegated admin) and yielding full confidentiality, integrity, and availability impact on the application - consistent with complete admin takeover. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A company grants a help-desk lead a phpMyFAQ admin account limited to the GROUP_EDIT capability for managing FAQ author groups. That user opens the group-permissions editor, assigns full administrative rights to a group they are a member of, and reloads - inheriting super-admin control over the entire knowledge base. …
Remediation Vendor-released patch: phpMyFAQ 4.1.5 - upgrade to 4.1.5 or later as the primary fix, per the GHSA advisory (https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pg62-f8g4-4wqh). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all phpMyFAQ deployments, identify current versions, and catalog all users holding GROUP_EDIT permissions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-5865 CRITICAL POC
9.8 Oct 31

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated critical severity (CVSS 9.8

CVE-2023-1886 CRITICAL POC
9.8 Apr 05

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity

CVE-2023-1753 CRITICAL POC
9.8 Mar 31

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), t

CVE-2022-3754 CRITICAL POC
9.8 Oct 29

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated critical severity (CVSS 9.8), th

CVE-2026-46364 CRITICAL POC
9.3 May 15

Unauthenticated SQL injection in phpMyFAQ before 4.1.2 allows remote attackers to extract credentials, admin tokens, and

CVE-2017-15730 HIGH POC
8.8 Oct 22

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. Rated high severity (CVS

CVE-2017-15808 HIGH POC
8.8 Oct 23

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2017-15735 HIGH POC
8.8 Oct 22

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. Rated high severity (CVSS

CVE-2017-15734 HIGH POC
8.8 Oct 22

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. Rated high severity (CVSS 8

CVE-2024-28107 HIGH POC
8.8 Mar 25

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severi

CVE-2024-27299 HIGH POC
8.8 Mar 25

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severi

CVE-2023-1762 HIGH POC
8.8 Mar 31

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated high severity (CVSS 8.8), th

Share

CVE-2026-57995 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy