SecuriTricks - CVE-2026-35675

Description

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via email, and achieve complete account takeover including administrative access.

Product(s) Impacted

Vendor	Product	Versions
Phpmyfaq	Phpmyfaq	<4.1.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	phpmyfaq	phpmyfaq	<4.1.3	/	/	/	/	/	/	/

References

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w9xh-5f39-vq89

https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-missing-password-reset-token-in-api-user-password-update

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w9xh-5f39-vq89

CVSS Score

8.8 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: May 28, 2026, 4:16 p.m.
Last Modified: May 29, 2026, 2:16 p.m.

Status : Deferred

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-35675