Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/360263?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360263?format=api", "vulnerability_id": "VCID-ffhb-2kg9-afe2", "summary": "Duplicate Advisory: phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-7cx3-2qx2-3g6w. This link is maintained to preserve external references.\n\n### Original Description\nphpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid session cookie, resulting in permanent data loss and disruption of FAQ organization.", "aliases": [ { "alias": "GHSA-5h62-f8fg-4w7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41355?format=api", "purl": "pkg:composer/phpmyfaq/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46365" }, { "reference_url": "https://github.com/advisories/GHSA-5h62-f8fg-4w7q", "reference_id": "GHSA-5h62-f8fg-4w7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5h62-f8fg-4w7q" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w" } ], "weaknesses": [ { "cwe_id": 862, "name": "Missing Authorization", "description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffhb-2kg9-afe2" }