phpMyFAQ – Authentication Bypass via Empty API Token_CVE-2026-35672

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via POST endpoints /api/v4.0/faq/create, /api/v4.0/category, and /api/v4.0/question.

Basic Information

ID CVE-2026-35672

Source VulnCheck

Published May 28, 2026 at 14:13

Modified May 28, 2026 at 15:28

Affected Product

Vendor thorsten

Product phpMyFAQ

Affected Versions thorsten phpMyFAQ 0

CWE Classification

CWE-1188

References

{
    "lastseen": "",
    "description": "phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via POST endpoints /api/v4.0/faq/create, /api/v4.0/category, and /api/v4.0/question.",
    "published": "2026-05-28T14:13:13.739Z",
    "modified": "2026-05-28T15:28:15.557Z",
    "type": "cve",
    "title": "phpMyFAQ - Authentication Bypass via Empty API Token",
    "source": "VulnCheck",
    "references": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28\nhttps://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token",
    "id": "CVE-2026-35672",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1188"
    ],
    "cvelist": null,
    "sourceData": "thorsten phpMyFAQ 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "phpMyFAQ",
    "version": "0",
    "vendor": "thorsten",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}