[HIGH] phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation

PKSA-64xv-jbdm-pg2q GHSA-9qv9-8xv6-5p35

Affected package: thorsten/phpmyfaq

Affected version: <4.1.3

Reported by:
GitHub