CVE-2022-3754 - Vulnerability Details - OpenCVE

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Phpmyfaq	Phpmyfaq

Configuration 1 [-]

cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47

History

Thu, 08 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-10-29T00:00:00.000Z

Updated: 2025-05-08T19:13:47.991Z

Reserved: 2022-10-29T00:00:00.000Z

Link: CVE-2022-3754

Vulnrichment

Updated: 2024-08-03T01:20:57.514Z

NVD

Status : Modified

Published: 2022-10-29T13:15:09.477

Modified: 2024-11-21T07:20:10.990

Link: CVE-2022-3754

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3754", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2025-05-08T19:13:47.991Z", "dateReserved": "2022-10-29T00:00:00.000Z", "datePublished": "2022-10-29T00:00:00.000Z"}, "containers": {"cna": {"title": "Weak Password Requirements in thorsten/phpmyfaq", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2022-10-29T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8."}], "affected": [{"vendor": "thorsten", "product": "thorsten/phpmyfaq", "versions": [{"version": "unspecified", "lessThan": "3.1.8", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47"}, {"url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-521 Weak Password Requirements", "cweId": "CWE-521"}]}], "source": {"advisory": "f4711d7f-1368-48ab-9bef-45f32e356c47", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:57.514Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47", "tags": ["x_transferred"]}, {"url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T19:12:28.495192Z", "id": "CVE-2022-3754", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:13:47.991Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47", "tags": ["x_transferred"]}, {"url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:57.514Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3754", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T19:12:28.495192Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:12:34.362Z"}}], "cna": {"title": "Weak Password Requirements in thorsten/phpmyfaq", "source": {"advisory": "f4711d7f-1368-48ab-9bef-45f32e356c47", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "thorsten", "product": "thorsten/phpmyfaq", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "3.1.8", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47"}, {"url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea"}], "descriptions": [{"lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2022-10-29T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3754", "state": "PUBLISHED", "dateUpdated": "2025-05-08T19:13:47.991Z", "dateReserved": "2022-10-29T00:00:00.000Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2022-10-29T00:00:00.000Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", "matchCriteriaId": "268E620F-3F05-4A1E-A49B-046B7CC8796C", "versionEndExcluding": "3.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8."}, {"lang": "es", "value": "Requisitos de Contrase\u00f1as D\u00e9biles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8.\n"}], "id": "CVE-2022-3754", "lastModified": "2024-11-21T07:20:10.990", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-29T13:15:09.477", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-521"}], "source": "nvd@nist.gov", "type": "Primary"}]}