Impact
The vulnerability exists in phpMyFAQ versions before 4.1.4 where the editUser() and updateUserRights() functions lack proper authorization checks. An attacker who is already authenticated as a user with edit_user permissions can set the is_superadmin flag or grant arbitrary rights in order to obtain SuperAdmin access. This elevates the attacker’s capabilities beyond those of a normal user and grants full control over the application and its data.
Affected Systems
The affected product is phpMyFAQ, a web‑based FAQ solution. All deployments running any version older than 4.1.4 are susceptible to this flaw; patched releases start with 4.1.4. No specific platform or operating system is required for the exploit to succeed.
Risk and Exploitability
With a CVSS score of 8.7 the flaw is considered high severity. An authenticated attacker can exploit it without network or local privileges beyond being logged in. Because the attack vector is purely internal—requiring the attacker to have any user account with edit_user rights—the risk is significant for organizations that grant these permissions broadly. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so no publicly documented exploits are known at the time of this analysis.
OpenCVE Enrichment