[MEDIUM] phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

PKSA-fgvt-rx8y-b52y CVE-2026-24421 GHSA-wm8h-26fv-mg7g

Affected package: thorsten/phpmyfaq

Affected version: <=4.0.16

Reported by:
GitHub