4 matches found
EUVD-2026-32905
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
CVE-2026-35676 phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
CVE-2026-35676
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
PT-2024-21308 · Fujian Kelixin · Fujian Kelixin Communication Command/Dispatch Platform
Name of the Vulnerable Software and Affected Versions: Fujian Kelixin Communication Command and Dispatch Platform versions up to 20240318 Description: A critical issue affects some unknown functionality of the file api/client/user/pwd update.php. The manipulation of the uuid argument leads to SQL...