thorsten/phpmyfaq Security Advisories for 4.1.2 (4)
- [HIGH] phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
  PKSA-x1b3-f9q9-1brm CVE-2026-35675 GHSA-w9xh-5f39-vq89
  Affected version: <4.1.3
  Reported by: GitHub
- [HIGH] phpMyFAQ: Default Empty API Token Authentication Bypass
  PKSA-jk8b-rmby-gztg CVE-2026-35672 GHSA-gp95-j463-vv28
  Affected version: <=4.1.2
  Reported by: GitHub
- [HIGH] phpMyFAQ: IDOR Account Takeover
  PKSA-ttcw-fg74-jv2w CVE-2026-35671 GHSA-xvp4-phqj-cjr3
  Affected version: <4.1.3
  Reported by: GitHub
- [HIGH] phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
  PKSA-64xv-jbdm-pg2q CVE-2026-35676 GHSA-9qv9-8xv6-5p35
  Affected version: <4.1.3
  Reported by: GitHub