CVE-2026-35671
Published: 2026-05-28 · Last updated: 2026-05-30
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-266
Description
phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrite-password API request.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35671
- Other: https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3
- Other: https://www.vulncheck.com/advisories/phpmyfaq-insecure-direct-object-reference-in-user-password-api
Related CVEs
Same CWE
- CVE-2026-53862 — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with... (4.2 MEDIUM)
- CVE-2026-53847 — OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators wit... (5.4 MEDIUM)
- CVE-2026-49780 — Customer Privilege Escalation in Dokan <= 5.0.2 versions (8.8 HIGH)
- CVE-2026-49083 — Contributor Privilege Escalation in LatePoint <= 5.5.1 versions (7.5 HIGH)
- CVE-2026-49063 — Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions (7.3 HIGH)