CVE-2023-1883

MEDIUM5.4EPSS 0.40%

thorsten/phpmyfaq vulnerable to improper access control

發布日:2023/4/5修改日:2023/11/8

描述

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12.

受影響套件(1)

Packagist/thorsten/phpmyfaqfrom 0, < 3.1.12

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-1883
PATCHhttps://github.com/thorsten/phpMyFAQ
WEBhttps://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503
WEBhttps://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191