Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-value permissions to a group they belong to, inheriting those rights and escalating privileges up to full administrative control. | |
| Title | phpMyFAQ - Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions | |
| First Time appeared |
Phpmyfaq
Phpmyfaq phpmyfaq |
|
| Weaknesses | CWE-269 | |
| CPEs | cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Phpmyfaq
Phpmyfaq phpmyfaq |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T22:08:42.294Z
Reserved: 2026-06-26T17:58:05.796Z
Link: CVE-2026-57995
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T23:45:05Z