Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ffhb-2kg9-afe2
Summary
Duplicate Advisory: phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-7cx3-2qx2-3g6w. This link is maintained to preserve external references.

### Original Description
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid session cookie, resulting in permanent data loss and disruption of FAQ organization.
Aliases
0
alias GHSA-5h62-f8fg-4w7q
Fixed_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@4.1.2
purl pkg:composer/phpmyfaq/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2
1
url pkg:composer/thorsten/phpmyfaq@4.1.2
purl pkg:composer/thorsten/phpmyfaq@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdxy-3bhf-6ybe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2
Affected_packages
References
0
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-46365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-46365
2
reference_url https://github.com/advisories/GHSA-5h62-f8fg-4w7q
reference_id GHSA-5h62-f8fg-4w7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5h62-f8fg-4w7q
3
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w
reference_id GHSA-7cx3-2qx2-3g6w
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w
Weaknesses
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ffhb-2kg9-afe2