thorsten/phpmyfaq Security Advisories for 4.1.3 (3)
-
[HIGH] phpMyFAQ has an incomplete fix for GHSA-xvp4-phqj-cjr3 — editUser() and updateUserRights() lack authorization guards
PKSA-bgmm-r5q1-dvfj GHSA-985r-q3qp-299h
Affected version: <=4.1.3
Reported by:
GitHub -
[MEDIUM] phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)
PKSA-wn7x-tbkv-cqqp CVE-2026-49205 GHSA-8c6h-7g6x-m5x4
Affected version: <4.1.4
Reported by:
GitHub -
[LOW] phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
PKSA-p1ky-vdyf-6r6j CVE-2026-48488 GHSA-58fg-62fg-3fcj
Affected version: <=4.1.3
Reported by:
GitHub