Improper Access Control

2023-05-1012:52:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

phpmyfaq

improper access control

vulnerability

email validation

ajax service

EPSS

0.002

Percentile

60.9%

JSON

thorsten/phpmyfaq is vulnerable to Improper Access Control. The vulnerability exists due to the lack of validation of email addresses in ajaxservice.php which allows an attacker to take over another account.

References

github.com/advisories/GHSA-r69v-q48g-3966

github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24

huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540

huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540/

EPSS

0.002

Percentile

60.9%

JSON

Related for VERACODE:40465