CVE-2026-49205 | thorsten phpMyFAQ up to 4.1.3 Public API /api/v4 hasValidToken userHasPermission authorization (GHSA-8c6h-7g6x-m5x4)

Inserito da Angelo Barbosa | Giu 19, 2026 | CVE

A vulnerability labeled as problematic has been found in thorsten phpMyFAQ up to 4.1.3. Affected by this vulnerability is the function hasValidToken of the file /api/v4 of the component Public API. Such manipulation of the argument userHasPermission leads to missing authorization.

This vulnerability is traded as CVE-2026-49205. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2026-49205 | thorsten phpMyFAQ up to 4.1.3 Public API /api/v4 hasValidToken userHasPermission authorization (GHSA-8c6h-7g6x-m5x4)

Post correlati

CVE-2026-11435 | Jinher OA 1.0 nextselectplan.aspx httpOID sql injection

CVE-2024-5115 | Campcodes Complete Web-Based School Management System 1.0 teacher_profile.php index sql injection

CVE-2024-32345 | CMSimple 5.15 Language Section Configuration cross site scripting

CVE-2024-25468 | Totolink X5000R 9.1.0u.6369_B20230113 NTPSyncWithHost host_time denial of service