Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-13tt-k316-13fu
Vulnerability ID VCID-13tt-k316-13fu
Aliases CVE-2022-3754
GHSA-2rr3-rv49-p42f
Summary phpMyFAQ contains Weak Password Requirements phpMyFAQ prior to version 3.1.8 has Weak Password Requirements. Version 3.1.8 introduces an eight-character minimum password length.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-521 Weak Password Requirements
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-2rr3-rv49-p42f
cvssv3.1 9.8 https://github.com/thorsten/phpmyfaq
generic_textual CRITICAL https://github.com/thorsten/phpmyfaq
cvssv3 7.5 https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
cvssv3.1 9.8 https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
generic_textual CRITICAL https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
ssvc Track https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
cvssv3 7.5 https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
cvssv3.1 9.8 https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
generic_textual CRITICAL https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
ssvc Track https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3754
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-3754
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-3754
https://github.com/thorsten/phpmyfaq
https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
https://nvd.nist.gov/vuln/detail/CVE-2022-3754
GHSA-2rr3-rv49-p42f https://github.com/advisories/GHSA-2rr3-rv49-p42f
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/thorsten/phpmyfaq
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/ Found at https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/ Found at https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3754
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.76351
EPSS Score 0.00921
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:44:01.853396+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-2rr3-rv49-p42f/GHSA-2rr3-rv49-p42f.json 38.6.0