Perceptive Security
SOC/SIEM Consultancy

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrator…
Published:
27 May 2026 at 22:00:00
Alert date:
28 May 2026 at 17:06:19
Source:
nvd.nist.gov
Web Technologies, Identity & Access
phpMyFAQ versions before 4.1.3 contain an insecure direct object reference vulnerability in the admin API user password endpoint. The vulnerability allows authenticated administrators to change any user's password without proper authorization verification. Attackers with low-privilege admin credentials can exploit this by modifying the userId parameter in the overwrite-password API request to escalate privileges to SuperAdmin level. This represents a significant privilege escalation vulnerability that compromises the application's access control mechanisms.
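To make the access-control failure concrete, here is an added example of the two handler shapes described above, written for this page and not taken from phpMyFAQ's code base. It uses a constructed in-memory user table, hypothetical role names (ROLE_ADMIN, ROLE_SUPERADMIN) and a hypothetical audit log; the real endpoint, parameter names and role model in phpMyFAQ are assumed, not reproduced. The first function shows the insecure direct object reference pattern (target taken from the request, never checked against the caller); the second binds the target to the authenticated actor and records every decision so a SIEM can alert on denied attempts.

```php
<?php
declare(strict_types=1);

// Added example, not phpMyFAQ code. Role names, ids and the log format are hypothetical.
const ROLE_ADMIN = 'admin';
const ROLE_SUPERADMIN = 'superadmin';

// Constructed sample user table; in a real application this comes from the database.
$users = [
    1 => ['id' => 1, 'name' => 'alice', 'role' => ROLE_SUPERADMIN,
          'password_hash' => password_hash('alice-old', PASSWORD_DEFAULT)],
    2 => ['id' => 2, 'name' => 'bob',   'role' => ROLE_ADMIN,
          'password_hash' => password_hash('bob-old', PASSWORD_DEFAULT)],
];

/**
 * The pattern the advisory describes: the caller is authenticated, but the
 * target user id comes straight from the request body and is never compared
 * with the caller. Any admin can overwrite any account, including a superadmin's.
 */
function overwritePasswordUnchecked(array &$users, array $actor, int $targetUserId, string $newPassword): bool
{
    if (!isset($users[$targetUserId])) {
        return false;
    }
    $users[$targetUserId]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

/**
 * Hardened form: the object reference is authorised against the actor taken
 * from the server-side session, not from the request. A plain admin may only
 * change their own password; only a superadmin may change someone else's.
 * Every decision is appended to $auditLog so denials can be forwarded to a SIEM.
 */
function overwritePasswordAuthorized(array &$users, array $actor, int $targetUserId, string $newPassword, array &$auditLog): bool
{
    if (!isset($users[$targetUserId])) {
        $auditLog[] = sprintf('DENY actor=%d target=%d reason=no-such-user', $actor['id'], $targetUserId);
        return false;
    }

    $isSelf       = ($actor['id'] === $targetUserId);
    $actorIsSuper = ($actor['role'] === ROLE_SUPERADMIN);

    // Authorisation decision: self-service is always allowed, cross-account
    // changes require the superadmin role. Everything else is denied.
    if (!$isSelf && !$actorIsSuper) {
        $auditLog[] = sprintf('DENY actor=%d role=%s target=%d reason=not-authorised',
            $actor['id'], $actor['role'], $targetUserId);
        return false;
    }

    $users[$targetUserId]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $auditLog[] = sprintf('ALLOW actor=%d role=%s target=%d', $actor['id'], $actor['role'], $targetUserId);
    return true;
}

// Constructed walk-through: bob is a low-privilege admin, alice is the superadmin.
$bob   = $users[2];
$alice = $users[1];
$auditLog = [];

// Unchecked handler: bob (admin) overwrites alice's (superadmin) password. This is the bug.
$vulnerable = overwritePasswordUnchecked($users, $bob, 1, 'attacker-chosen');
echo 'unchecked: bob -> alice allowed? ', var_export($vulnerable, true), PHP_EOL;

// Hardened handler: same request is refused and logged.
$crossAccount = overwritePasswordAuthorized($users, $bob, 1, 'attacker-chosen', $auditLog);
echo 'authorized: bob -> alice allowed? ', var_export($crossAccount, true), PHP_EOL;

// Self-service and superadmin-initiated changes still work.
$selfChange  = overwritePasswordAuthorized($users, $bob, 2, 'bob-new', $auditLog);
$superChange = overwritePasswordAuthorized($users, $alice, 2, 'bob-reset-by-alice', $auditLog);
echo 'authorized: bob -> bob allowed? ', var_export($selfChange, true), PHP_EOL;
echo 'authorized: alice -> bob allowed? ', var_export($superChange, true), PHP_EOL;

// Audit trail a SOC would ingest; a DENY with reason=not-authorised on this endpoint is a detection signal.
echo implode(PHP_EOL, $auditLog), PHP_EOL;
```

Run it with the PHP CLI. The design point is that the authorisation check compares the request's target against identity and role data held server-side; the client-supplied userId is only ever a lookup key, never the basis of the decision. From a monitoring perspective, the DENY entries are what to alert on: repeated not-authorised denials from one admin account against other accounts on a password-overwrite endpoint are a reliable signal of the abuse pattern this advisory describes.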
Technical details
Mitigation steps:
Affected products:
phpMyFAQ
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-35671
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-xvp4-phqj-cjr3
https://www.vulncheck.com/advisories/phpmyfaq-insecure-direct-object-reference-in-user-password-api
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
