PhpMyFAQ

phpMyFAQ before 4.1.3 is vulnerable to an unauthenticated password reset, allowing attackers to change account passwords without token validation by sending crafted PUT requests to the /api/index.php/user/password/update endpoint.

phpMyFAQ before version 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData, allowing authenticated attackers with crafted Azure AD accounts to execute arbitrary SQL queries by injecting malicious OAuth token claims.

Unauthenticated SQL injection vulnerability exists in phpMyFAQ <= 4.1.1 due to improper handling of the User-Agent header in BuiltinCaptcha, allowing attackers to inject malicious SQL payloads and potentially gain complete control of the datastore.