Description
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access.
Published: 2026-06-21
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in phpMyFAQ versions before 4.1.4 where the editUser() and updateUserRights() functions lack proper authorization checks. An attacker who is already authenticated as a user with edit_user permissions can set the is_superadmin flag or grant arbitrary rights in order to obtain SuperAdmin access. This elevates the attacker’s capabilities beyond those of a normal user and grants full control over the application and its data.

Affected Systems

The affected product is phpMyFAQ, a web‑based FAQ solution. All deployments running any version older than 4.1.4 are susceptible to this flaw; patched releases start with 4.1.4. No specific platform or operating system is required for the exploit to succeed.

Risk and Exploitability

With a CVSS score of 8.7 the flaw is considered high severity. An authenticated attacker can exploit it without network or local privileges beyond being logged in. Because the attack vector is purely internal—requiring the attacker to have any user account with edit_user rights—the risk is significant for organizations that grant these permissions broadly. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so no publicly documented exploits are known at the time of this analysis.

Generated by OpenCVE AI on June 21, 2026 at 16:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the phpMyFAQ installation to determine whether the current version is 4.1.3 or older and plan an upgrade to 4.1.4 or later as soon as possible
  • If an immediate upgrade is not possible, reduce the user’s edit_user permissions to a strictly required subset and remove the ability to edit the is_superadmin flag or assign rights
  • Verify that all users have the correct role assignments and that only trusted administrators possess edit_user privileges; consider re‑applying least‑privilege principles for routine maintenance

Generated by OpenCVE AI on June 21, 2026 at 16:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access.
Title phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()
First Time appeared Phpmyfaq
Phpmyfaq phpmyfaq
Weaknesses CWE-862
CPEs cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*
Vendors & Products Phpmyfaq
Phpmyfaq phpmyfaq
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Phpmyfaq Phpmyfaq
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T14:19:37.604Z

Reserved: 2026-06-21T12:37:58.434Z

Link: CVE-2026-56396

cve-icon Vulnrichment

Updated: 2026-06-23T14:01:29.677Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T18:30:07Z

Weaknesses