[MEDIUM] phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

PKSA-kw83-ss3b-tqsv CVE-2026-24421 GHSA-wm8h-26fv-mg7g

Affected package: phpmyfaq/phpmyfaq

Affected version: <=4.0.16

Reported by:
GitHub