PT-2026-41366 · Phpmyfaq · Phpmyfaq

Adrgs

·

Published

2026-05-06

·

Updated

2026-06-11

·

CVE-2026-46364

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2
Description An unauthenticated SQL injection exists in the BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods. The issue occurs when unsanitized User-Agent headers are interpolated into DELETE and INSERT queries. Unauthenticated attackers can exploit the ' /api/captcha' endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, which allows for the extraction of sensitive data such as user credentials, admin tokens, and SMTP credentials from the database. Over 1,200 potentially affected devices have been identified.
Recommendations Update to version 4.1.2 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46364
GHSA-289F-FQ7W-6Q2W
GHSA-CH9Q-C9MP-J5GQ

Affected Products

Phpmyfaq