Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-e3h4-tm9q-dufz
Vulnerability ID VCID-e3h4-tm9q-dufz
Aliases CVE-2022-3754
GHSA-2rr3-rv49-p42f
Summary Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-521 Weak Password Requirements
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
epss 0.00921 https://api.first.org/data/v1/epss?cve=CVE-2022-3754
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-2rr3-rv49-p42f
cvssv3.1 9.8 https://github.com/thorsten/phpmyfaq
generic_textual CRITICAL https://github.com/thorsten/phpmyfaq
cvssv3 7.5 https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
cvssv3.1 9.8 https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
generic_textual CRITICAL https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
ssvc Track https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
cvssv3 7.5 https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
cvssv3.1 9.8 https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
generic_textual CRITICAL https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
ssvc Track https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3754
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-3754
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-3754
https://github.com/thorsten/phpmyfaq
CVE-2022-3754 https://nvd.nist.gov/vuln/detail/CVE-2022-3754
d7a87d2646287828c70401ca8976ef531fbc77ea https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
f4711d7f-1368-48ab-9bef-45f32e356c47 https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
GHSA-2rr3-rv49-p42f https://github.com/advisories/GHSA-2rr3-rv49-p42f
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/thorsten/phpmyfaq
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/ Found at https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/ Found at https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3754
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.76427
EPSS Score 0.00921
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:42:06.862142+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2022/3xxx/CVE-2022-3754.json 38.6.0