thorsten/phpmyfaq Security Advisories for 4.1.2 (4)
- [HIGH] phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
PKSA-x1b3-f9q9-1brm GHSA-w9xh-5f39-vq89
Affected version: <4.1.3
Reported by: GitHub
- [HIGH] phpMyFAQ: Default Empty API Token Authentication Bypass
PKSA-jk8b-rmby-gztg GHSA-gp95-j463-vv28
Affected version: <=4.1.2
Reported by: GitHub
- [HIGH] phpMyFAQ: IDOR Account Takeover
PKSA-ttcw-fg74-jv2w GHSA-xvp4-phqj-cjr3
Affected version: <4.1.3
Reported by: GitHub
- [HIGH] phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
PKSA-64xv-jbdm-pg2q GHSA-9qv9-8xv6-5p35
Affected version: <4.1.3
Reported by: GitHub