Product
phpMyFAQ Authentication Bypass Allows Account Takeover
2 rules
An authentication bypass vulnerability in phpMyFAQ allows an unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts, by sending a PUT request with a valid username and associated email address to /api/user/password/update, resulting in complete account takeover.
phpMyFAQ Unauthenticated Password Reset Vulnerability
2 rules 1 TTP
phpMyFAQ versions prior to 4.1.3 contain an unauthenticated password reset vulnerability that allows attackers to enumerate valid accounts and forcibly change user passwords by exploiting the password reset API without token validation.
phpMyFAQ IDOR Allows Admin Account Takeover
2 rules 1 TTP
An IDOR vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts, without authorization verification, leading to privilege escalation.