VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-15bx-wfer-qygk

Essentials
Severities (18)
References (7)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-15bx-wfer-qygk
Aliases	CVE-2023-2429 GHSA-r69v-q48g-3966
Summary	Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-284	Improper Access Control
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00514	https://api.first.org/data/v1/epss?cve=CVE-2023-2429
epss	0.00514	https://api.first.org/data/v1/epss?cve=CVE-2023-2429
epss	0.00514	https://api.first.org/data/v1/epss?cve=CVE-2023-2429
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-r69v-q48g-3966
cvssv3.1	6.6	https://github.com/thorsten/phpmyfaq
generic_textual	MODERATE	https://github.com/thorsten/phpmyfaq
cvssv3	6.6	https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
cvssv3.1	6.6	https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
generic_textual	MODERATE	https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
ssvc	Track	https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
cvssv3.1	6.6	https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
generic_textual	MODERATE	https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
cvssv3	6.6	https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
cvssv3.1	6.6	https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
generic_textual	MODERATE	https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
ssvc	Track	https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
cvssv3.1	6.6	https://nvd.nist.gov/vuln/detail/CVE-2023-2429
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-2429

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-2429
		https://github.com/thorsten/phpmyfaq
		https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
		https://nvd.nist.gov/vuln/detail/CVE-2023-2429
07552f5577ff8b1e6f7cdefafcce9b2a744d3a24		https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24
20d3a0b3-2693-4bf1-b196-10741201a540		https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540
GHSA-r69v-q48g-3966		https://github.com/advisories/GHSA-r69v-q48g-3966

No exploits are available.

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://github.com/thorsten/phpmyfaq

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/ Found at https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/ Found at https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-2429

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.6704
EPSS Score	0.00514
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:30:11.712497+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/2xxx/CVE-2023-2429.json	38.6.0