The patch shows that the vulnerable code was in the user update logic where password validation occurred. The original code only checked password length when a new password was provided, but did not handle the case where the password was left unchanged during a user update. This allowed weak existing passwords to be retained. The fix explicitly resets the password in the 'no change' scenario so that proper validation is forced. The file path and code pattern match the CWE-521 description of weak password requirements caused by incomplete validation logic.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| thorsten/phpmyfaq | composer | < 3.1.12 | 3.1.12 |
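As an added illustration of the validation gap described above, the following PHP sketch is not phpMyFAQ's code or its actual patch: it models an update handler that only validates a password when one is submitted, next to a hardened variant that runs the same policy check on every update. `MIN_PASSWORD_LENGTH`, the function names, the user array shape and the form fields are assumptions.

```php
<?php
// Added example, not phpMyFAQ's code. Models the CWE-521 pattern from the
// analysis above: validation is skipped when no new password is submitted,
// so an account with a weak stored password keeps it through every update.

const MIN_PASSWORD_LENGTH = 8; // hypothetical policy value

function passwordMeetsPolicy(string $password): bool
{
    return strlen($password) >= MIN_PASSWORD_LENGTH;
}

// Vulnerable shape: the policy check is gated on "was a password submitted?"
function updateUserVulnerable(array $user, array $form): array
{
    if ($form['password'] !== '') {
        if (!passwordMeetsPolicy($form['password'])) {
            throw new InvalidArgumentException('Password too short');
        }
        $user['password_hash'] = password_hash($form['password'], PASSWORD_DEFAULT);
    }
    // Blank password field: the existing, possibly weak, password is kept as-is.
    $user['email'] = $form['email'];
    return $user;
}

// Hardened shape (one defensive reading of the fix): the 'no change' case no
// longer bypasses validation, so a weak legacy password cannot ride through.
function updateUserHardened(array $user, array $form): array
{
    $password = $form['password'] ?? '';
    if (!passwordMeetsPolicy($password)) {
        throw new InvalidArgumentException('Password is required and must meet policy');
    }
    $user['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    $user['email'] = $form['email'];
    return $user;
}

// Constructed input: a user whose stored password predates the policy.
$legacyUser = ['email' => 'old@example.test',
               'password_hash' => password_hash('abc', PASSWORD_DEFAULT)];
$form = ['email' => 'new@example.test', 'password' => ''];  // field left blank

$after = updateUserVulnerable($legacyUser, $form);
var_dump(password_verify('abc', $after['password_hash']));  // weak password survives

try {
    updateUserHardened($legacyUser, $form);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;  // update refused until a compliant password is set
}
```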