phpmyfaq is vulnerable to Improper Access Control. Improper checks in commentDisabled
function of Faq.php
allows a remote authenticated attacker to comment in inactive FAQ NEWS even when the comment section is disabled, resulting in broken access control.
CPE | Name | Operator | Version |
---|---|---|---|
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 |