6.6

CVSS Score

3.0

Basic Information

CVE ID

CVE-2023-2429

GHSA ID

GHSA-r69v-q48g-3966

EPSS Score

0.43482%

CWE

CWE-284

Published

4/30/2023

Updated

1/30/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-2429

CVE-2023-2429:
phpMyFAQ Improper Access Control vulnerability

phpMyFAQ prior to version 3.1.13 does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the system, including email addresses belonging to other users such as the administrator. Once the attacker has control of the other user's email address, they can request to remove the user from the system, leading to a loss of data and access.

(GitHub Advisory)

6.6

CVSS Score

3.0

Basic Information

CVE ID

CVE-2023-2429

GHSA ID

GHSA-r69v-q48g-3966

EPSS Score

0.43482%

CWE

CWE-284

Published

4/30/2023

Updated

1/30/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
thorsten/phpmyfaq	composer	< 3.1.13	3.1.13

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability stems from ajaxservice.php's update handler not verifying email ownership before processing changes. The patch added a critical check comparing the current user's ID with the email's owner ID via getUserIdByEmail(). The User.php function's return type fix (removing int cast) suggests potential type comparison issues exacerbated the vulnerability. Together, these created an insecure chain: 1) Missing ownership check in update flow, 2) Possible type mismatch in user ID comparison.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

p*pMy**Q prior to v*rsion *.*.** *o*s not prop*rly v*li**t* *m*il ***r*ss*s w**n up**tin* us*r pro*il*s. T*is vuln*r**ility *llows *n *tt**k*r to m*nipul*t* t**ir *m*il ***r*ss *n* ***n** it to *not**r *m*il ***r*ss t**t is *lr***y r**ist*r** in t**

Reasoning

T** *or* vuln*r**ility st*ms *rom `*j*xs*rvi**.p*p`'s up**t* **n*l*r not v*ri*yin* *m*il own*rs*ip ***or* pro**ssin* ***n**s. T** p*t** ***** * *riti**l ****k *omp*rin* t** *urr*nt us*r's I* wit* t** *m*il's own*r I* vi* `**tUs*rI**y*m*il()`. T** `Us

6.6

Basic Information

Concerned about an active attack path?

CVE-2023-2429: phpMyFAQ Improper Access Control vulnerability

6.6

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-2429:
phpMyFAQ Improper Access Control vulnerability

Vulnerability Intelligence
Miggo AI