[HIGH] phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration

PKSA-527c-n963-c1j5 CVE-2026-35675 GHSA-w9xh-5f39-vq89

Affected package: phpmyfaq/phpmyfaq

Affected version: <4.1.3

Reported by:
GitHub