📋 الوصف الكامل

CVE ID :CVE-2026-35672 Published : May 28, 2026, 4:16 p.m. | 2 hours, 8 minutes ago Description :phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious conte