PT-2026-29784 · Phpmyfaq · Phpmyfaq

Athuljayaram · Published 2026-04-01 · Updated 2026-04-02 · CVE-2026-34973

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.1.1

Description: phpMyFAQ is an open source FAQ web application. The searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() to sanitize search terms before embedding them in LIKE clauses. However, real_escape_string() only escapes quoting characters; it does not escape the SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records, resulting in information disclosure. The vulnerable code is located in phpmyfaq/src/phpMyFAQ/Search.php, lines 226–240. The attack vector involves submitting a search term containing _ or % as part of a word with a length of 3 or more characters, bypassing a length filter. For example, a search for % can match all custom pages. This allows an attacker to retrieve custom page content that would not appear in normal searches.

Recommendations: Update phpMyFAQ to version 4.1.1 or later.
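The following added example (not code from phpMyFAQ or this advisory) reproduces the weakness class against an in-memory SQLite table and shows the fix: escaping %, _ and the escape character itself before the term is placed in a LIKE pattern, paired with an ESCAPE clause. The table name, columns, sample rows and the 3-character length filter are constructed assumptions that mirror the description above.

```python
import sqlite3

# Constructed sample rows standing in for the custom pages table
# (schema and content are assumptions, not phpMyFAQ's own).
PAGES = [
    ("Public contact page", "How to reach support"),
    ("Internal pricing", "Wholesale price list, do not publish"),
    ("Outage runbook", "Steps for the on-call engineer"),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE custom_pages (title TEXT, content TEXT)")
    conn.executemany("INSERT INTO custom_pages VALUES (?, ?)", PAGES)
    return conn


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so `term` matches literally.

    Quoting-style escaping (what real_escape_string() does) leaves % and _
    live. This additionally escapes the escape character, % and _, and the
    result must be used with a matching ESCAPE clause in the query.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_pages(conn, term, harden):
    """Substring search over page content; returns matching titles.

    A minimum term length of 3 mirrors the length filter the advisory
    mentions; it does not stop a term made only of wildcards.
    """
    if len(term) < 3:
        return []
    if harden:
        pattern = "%" + escape_like(term) + "%"
        sql = ("SELECT title FROM custom_pages "
               "WHERE content LIKE ? ESCAPE '\\' ORDER BY rowid")
    else:
        # Vulnerable behaviour: the term is quoted safely (a bound parameter
        # here), yet its % and _ still act as wildcards inside the pattern.
        pattern = "%" + term + "%"
        sql = "SELECT title FROM custom_pages WHERE content LIKE ? ORDER BY rowid"
    return [row[0] for row in conn.execute(sql, (pattern,))]
```

With `harden=False` a term such as `%%%` passes the length filter and returns every row; with `harden=True` the same term matches only a literal `%%%` and returns nothing.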

Fix


Weakness Enumeration

Related Identifiers

CVE-2026-34973
GHSA-GCP9-5JC8-976X

Affected Products

Phpmyfaq