[MEDIUM] phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

PKSA-1str-48zy-4tqs CVE-2026-45008 GHSA-rmqr-h98c-qg2m

Affected package: phpmyfaq/phpmyfaq

Affected version: <4.1.2

Reported by:
GitHub