
Description

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in its admin-api routes: the routes only check whether the caller is logged in and never verify backend (administrative) privileges, so an authenticated ordinary user can reach administrative endpoints. An attacker holding a valid frontend user account can read sensitive backend operational information, including dashboard version data, LDAP configuration, Elasticsearch statistics, and health-check data.

Status: PUBLISHED | Reserved 2026-05-08 | Published 2026-05-15 | Updated 2026-05-15 | Assigner: VulnCheck

Severity: MEDIUM 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Problem types

Incorrect Authorization

Product status

Default status: unaffected

4.1.1 (semver) before 4.1.2: affected

4.1.2 (semver): unaffected

Credits

kitu232 (reporter)

References

github.com/...pMyFAQ/security/advisories/GHSA-jrc5-w569-h7h5 (exploit)

github.com/...pMyFAQ/security/advisories/GHSA-jrc5-w569-h7h5 (GHSA Advisory GHSA-jrc5-w569-h7h5) (vendor-advisory)

www.vulncheck.com/...horization-check-in-admin-api-endpoints (VulnCheck Advisory: phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints) (third-party-advisory)

cve.org (CVE-2026-45009)

nvd.nist.gov (CVE-2026-45009)
