HIGH
phpMyFAQ
CVE published 2026-06-21
CVE-2026-56396
CVE-2026-56396 is a high-severity vulnerability in phpMyFAQ, a popular open-source FAQ management system. The vulnerability has a CVSS score of 8.7 and allows authenticated administrators to escalate privileges due to missing authorization in the editUser() and updateUserRights() endpoints. Non-SuperAdmin users with edit_user permission can set the is_superadmin flag or grant arbitrary rights to escalate [truncated]