CVE-2026-35671

8.8 HIGH
Published: May 28, 2026 Modified: May 30, 2026
View on NVD

Description

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrite-password API request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/phpmyfaq-insecure-direct-object-reference-in-user-password-api
Source: disclosure@vulncheck.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
EPSS (Exploit Probability)
0.3%
22th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-266

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1