CVE-2026-35675
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Summary
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via email, and achieve complete account takeover including administrative access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| thorsten | phpMyFAQ | 0 < 4.1.3 | affected |
| thorsten | phpMyFAQ | 4.1.3 | unaffected |
Weaknesses
- CWE-307: Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w9xh-5f39-vq89
- https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-missing-password-reset-token-in-api-user-password-update
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.