[HIGH] phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation

PKSA-1ckg-7bmf-xkmp CVE-2026-35676 GHSA-9qv9-8xv6-5p35

Affected package: phpmyfaq/phpmyfaq

Affected version: <4.1.3

Reported by:
GitHub