Vulnerability Details : CVE-2022-3754
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Products affected by CVE-2022-3754
- cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3754
- 0.19%: Probability of exploitation activity in the next 30 days
- ~ 57%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3754
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | huntr.dev | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-3754
- The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@huntr.dev (Secondary)
References for CVE-2022-3754
- https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47
  Weak Password Requirement vulnerability found in phpmyfaq (Exploit; Patch; Third Party Advisory)
- https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
  fix: check for at least 8 characters for a password · thorsten/phpMyFAQ@d7a87d2 · GitHub (Patch; Third Party Advisory)