VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-t7e4-mbf8-d3cm

Essentials
Severities (19)
References (6)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-t7e4-mbf8-d3cm
Aliases	CVE-2023-1887 GHSA-gx43-fqrx-6fcw
Summary	thorsten/phpmyfaq vulnerable to business logic errors Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-840	Business Logic Errors
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2023-1887
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2023-1887
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2023-1887
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2023-1887
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2023-1887
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2023-1887
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-gx43-fqrx-6fcw
cvssv3.1	8.3	https://github.com/thorsten/phpMyFAQ
generic_textual	HIGH	https://github.com/thorsten/phpMyFAQ
cvssv3	8.3	https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
cvssv3.1	8.3	https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
generic_textual	HIGH	https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
ssvc	Track	https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
cvssv3	8.3	https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
cvssv3.1	8.3	https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
generic_textual	HIGH	https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
ssvc	Track	https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
cvssv3.1	8.3	https://nvd.nist.gov/vuln/detail/CVE-2023-1887
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2023-1887

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-1887
		https://github.com/thorsten/phpMyFAQ
		https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89
		https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
CVE-2023-1887		https://nvd.nist.gov/vuln/detail/CVE-2023-1887
GHSA-gx43-fqrx-6fcw		https://github.com/advisories/GHSA-gx43-fqrx-6fcw

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H Found at https://github.com/thorsten/phpMyFAQ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H Found at https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H Found at https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/ Found at https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H Found at https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H Found at https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/ Found at https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1887

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.53969
EPSS Score	0.00304
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:44:26.888329+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/thorsten/phpmyfaq/CVE-2023-1887.yml	38.6.0