phpMyFAQ: Public API endpoints expose emails and invisible questions
Summary Several public API endpoints return email addresses and non‑public records e.g. open questions with isVisible=false. Details OpenQuestionController::list calls Question::getAll with the default showAll=true, returning invisible questions and their emails. Similar exposures exist in...