Description
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USER_ADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and attacker-chosen credentials to create a SuperAdmin account, then authenticate as that account to achieve full instance takeover.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USER_ADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and attacker-chosen credentials to create a SuperAdmin account, then authenticate as that account to achieve full instance takeover. | |
| Title | phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint | |
| First Time appeared |
Phpmyfaq
Phpmyfaq phpmyfaq |
|
| Weaknesses | CWE-269 | |
| CPEs | cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Phpmyfaq
Phpmyfaq phpmyfaq |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T11:25:33.496Z
Reserved: 2026-06-26T17:58:05.796Z
Link: CVE-2026-57996
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T21:15:04Z
Weaknesses
-
CWE-269
Improper Privilege Management