Tag
phpMyFAQ before version 4.1.3 is vulnerable to an authentication bypass in the password reset endpoint, allowing unauthenticated attackers to reset any user account password without token verification or email confirmation, potentially leading to complete account takeover, including administrative access.