9 matches found
CVE-2026-45009
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
Duplicate Advisory: phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jrc5-w569-h7h5. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows...
CVE-2026-45009
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
CVE-2026-45009
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
EUVD-2026-30592
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
CVE-2026-45009 phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
CVE-2026-45009
CVE-2026-45009 affects phpMyFAQ prior to 4.1.2. The issue is an insufficient authorization check in admin-api routes, allowing authenticated ordinary users to access administrative endpoints without verifying backend privileges. This can expose sensitive backend information such as dashboard vers...
CVE-2026-45009 phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
PT-2026-41356
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...