CVE-2026-46364
CriticalSummary
phpMyFAQ before version 4.1.2 contains an unauthenticated SQL injection vulnerability in the BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods. Attackers can exploit the public GET /api/captcha endpoint by injecting malicious User-Agent headers, leading to the leakage of sensitive data.
Risk Assessment
This vulnerability allows unauthenticated attackers to access sensitive information, such as user credentials, admin tokens, and SMTP credentials, which can lead to serious security breaches within the organization.
Recommendation
It is recommended to upgrade phpMyFAQ to version 4.1.2 or later to mitigate this vulnerability. Additionally, implementing extra security measures, such as filtering User-Agent headers, is advisable.
Original NVD description (English source)
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.

