Description
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access sensitive backend operational information including dashboard versions, LDAP configuration, Elasticsearch statistics, and health-check data.
Published: 2026-05-15
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in phpMyFAQ allows authenticated users with ordinary accounts to reach administrative API endpoints because the system only verifies that the user is logged in, not that they hold administrator privileges (CWE-863). By requesting these endpoints, an attacker can obtain sensitive administrative information such as dashboard versions, LDAP configuration details, Elasticsearch statistics, and health-check data.

Affected Systems

The vulnerability affects installations of phpMyFAQ older than version 4.1.2. Users running these releases should be aware of the issue.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to hold a valid authenticated frontend account; after logging in, the attacker can send requests to the protected admin API endpoints and retrieve sensitive information. No remote code execution or denial‑of‑service impact is disclosed.

Generated by OpenCVE AI on May 15, 2026 at 20:44 UTC.
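The authorization failure described in the Impact section, shown as an added PHP example that is not phpMyFAQ's own code: a route guard that checks only login status beside one that also demands a backend permission for each admin-api route. The route paths and permission names are assumptions constructed for this illustration.

```php
<?php
// Added illustration of the CWE-863 pattern the advisory describes; this is
// not phpMyFAQ's code. Routes and permission names are hypothetical.
declare(strict_types=1);

final class User
{
    /** @param string[] $permissions */
    public function __construct(public readonly string $name, public readonly bool $loggedIn, public readonly array $permissions = []) {}
    public function hasPermission(string $permission): bool
    {
        return in_array($permission, $this->permissions, true);
    }
}

// The admin-api areas named in the advisory, each mapped to the backend
// permission it should demand (constructed names, not phpMyFAQ's).
const ADMIN_ROUTES = [
    '/admin-api/dashboard/versions'  => 'admin:dashboard',
    '/admin-api/config/ldap'         => 'admin:configuration',
    '/admin-api/elasticsearch/stats' => 'admin:search',
    '/admin-api/health-check'        => 'admin:system',
];
// Vulnerable guard: authentication only. Any logged-in frontend account passes.
function authorizeLoginOnly(User $user, string $route): bool
{
    return $user->loggedIn;
}

// Hardened guard: login is necessary but not sufficient. The route must map to
// a backend permission the account holds; unmapped routes fail closed.
function authorizeBackendRoute(User $user, string $route): bool
{
    if (!$user->loggedIn || !isset(ADMIN_ROUTES[$route])) {
        return false;
    }
    return $user->hasPermission(ADMIN_ROUTES[$route]);
}

// Constructed accounts: an ordinary frontend user and a backend administrator.
$frontendUser = new User('alice', true, ['faq:read']);
$admin        = new User('root', true, ['faq:read', 'admin:configuration']);

foreach (['authorizeLoginOnly', 'authorizeBackendRoute'] as $guard) {
    foreach ([$frontendUser, $admin] as $user) {
        $verdict = $guard($user, '/admin-api/config/ldap') ? 'allow' : 'deny';
        printf("%-22s %-6s -> %s\n", $guard, $user->name, $verdict);
    }
}
```

Running it shows the login-only guard admitting the ordinary frontend account to the LDAP configuration route, while the backend guard admits only the account holding the matching permission.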

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade phpMyFAQ to version 4.1.2 or later to remove the missing authorization check.
  • Ensure that user accounts have appropriate role assignments and that administrative APIs are protected by comprehensive access controls.
  • Audit logs to detect unusual API usage patterns by ordinary users, and implement monitoring or alerting for such activity.

Generated by OpenCVE AI on May 15, 2026 at 20:44 UTC.


Advisories

No advisories yet.

History

Fri, 15 May 2026 21:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 21:00:00 +0000

Type: First Time appeared
Values Added: Thorsten; Thorsten phpmyfaq

Type: Vendors & Products
Values Added: Thorsten; Thorsten phpmyfaq

Fri, 15 May 2026 19:00:00 +0000

Type: Description
Values Added: phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access sensitive backend operational information including dashboard versions, LDAP configuration, Elasticsearch statistics, and health-check data.

Type: Title
Values Added: phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints

Type: Weaknesses
Values Added: CWE-863

Type: References (no values listed)

Type: Metrics
Values Added: cvssV3_1
{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T20:05:01.715Z

Reserved: 2026-05-08T16:43:53.068Z

Link: CVE-2026-45009

Vulnrichment

Updated: 2026-05-15T20:03:49.336Z

NVD

Status : Received

Published: 2026-05-15T19:17:01.327

Modified: 2026-05-15T21:16:36.800

Link: CVE-2026-45009

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T20:45:08Z

Weaknesses