Lucene search
GitHub Advisory DatabaseGHSA-4CR4-X82X-HWM9HistoryApr 05, 2023 - 6:30 p.m.
thorsten/phpmyfaq vulnerable to authentication bypass
2023-04-0518:30:18
CWE-294
GitHub Advisory Database
github.com
10
thorsten
phpmyfaq
vulnerability
authentication bypass
capture-relay
comments
software
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.8%
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12.
Affected configurations
Node
thorstenphpmyfaqRange<3.1.12
| CPE | Name | Operator | Version |
|---|---|---|---|
| thorsten/phpmyfaq | lt | 3.1.12 |
Related
osv
osv
thorsten/phpmyfaq vulnerable to authentication bypass
2023-04-05 18:30:18
CVE-2023-1886
2023-04-05 17:15:07
cvelist
cvelist
CVE-2023-1886 Authentication Bypass by Capture-replay in thorsten/phpmyfaq
2023-04-05 00:00:00
cve
cve
CVE-2023-1886
2023-04-05 17:15:07
veracode
veracode
Authentication Bypass
2023-04-20 17:16:13
prion
prion
Authentication flaw
2023-04-05 17:15:00
nvd
nvd
CVE-2023-1886
2023-04-05 17:15:07
huntr
huntr
Captcha Bypass allows sending unlimited Comments
2023-02-14 21:58:34
openvas
openvas
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
2023-04-04 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
54.8%
Related for GHSA-4CR4-X82X-HWM9