CVE 8.8 HIGH

phpMyFAQ – Insecure Direct Object Reference in User Password API_CVE-2026-35671

May 28, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrite-password API request.

AI Analysis

Insecure direct object reference vulnerability in the admin API user password endpoint

Basic Information

ID CVE-2026-35671

Source VulnCheck

Published May 28, 2026 at 14:13

Modified May 28, 2026 at 14:15

Affected Product

Vendor thorsten

Product phpMyFAQ

Version before 4.1.3

Affected Versions thorsten phpMyFAQ 0

CWE Classification

CWE-266

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor thorsten

Product phpMyFAQ

Version before 4.1.3

References

{
    "lastseen": "",
    "description": "phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrite-password API request.",
    "published": "2026-05-28T14:13:12.995Z",
    "modified": "2026-05-28T14:15:17.708Z",
    "type": "cve",
    "title": "phpMyFAQ - Insecure Direct Object Reference in User Password API",
    "source": "VulnCheck",
    "references": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3\nhttps://www.vulncheck.com/advisories/phpmyfaq-insecure-direct-object-reference-in-user-password-api",
    "id": "CVE-2026-35671",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "thorsten phpMyFAQ 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "phpMyFAQ",
    "version": "before 4.1.3",
    "vendor": "thorsten",
    "ai_description": "Insecure direct object reference vulnerability in the admin API user password endpoint",
    "ai_severity": "High",
    "ai_vendor": "thorsten",
    "ai_product": "phpMyFAQ",
    "ai_version": "before 4.1.3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply