Lucene search
Veracode Vulnerability DatabaseVERACODE:40239HistoryApr 20, 2023 - 5:38 p.m.
Business Logic Flaws
2023-04-2017:38:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
phpmyfaq
business logic flaws
vulnerability
record.add.php
user permission checks
authenticated attacker
edit-only permissions
categories
faqs
software
0.001 Low
EPSS
Percentile
20.2%
phpmyfaq is vulnerable to Business Logic Flaws. The vulnerability exists in record.add.php due to improper user permission checks which allows an authenticated attacker with edit-only permissions to add and delete categories or add FAQs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thorsten/phpmyfaq | le | 3.1.11 | |
| phpmyfaq/phpmyfaq | le | 3.1.11 | |
| thorsten/phpmyfaq | le | 3.1.11 | |
| phpmyfaq/phpmyfaq | le | 3.1.11 |
Related
cve
cve
CVE-2023-1887
2023-04-05 17:15:07
cvelist
cvelist
CVE-2023-1887 Business Logic Errors in thorsten/phpmyfaq
2023-04-05 00:00:00
nvd
nvd
CVE-2023-1887
2023-04-05 17:15:07
github
github
thorsten/phpmyfaq vulnerable to business logic errors
2023-04-05 18:30:18
osv
osv
thorsten/phpmyfaq vulnerable to business logic errors
2023-04-05 18:30:18
CVE-2023-1887
2023-04-05 17:15:07
huntr
huntr
User with only "edit" can delete post and somethimes can add post
2023-02-15 00:10:57
prion
prion
Code injection
2023-04-05 17:15:00
openvas
openvas
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
2023-04-04 00:00:00