CVE-2026-34973: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in thorsten phpMyFAQ
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-34973) in phpMyFAQ affects versions before 4.1.1. The searchCustomPages() method uses real_escape_string() to sanitize input, but this function does not escape SQL LIKE wildcards '%' and '_'. An attacker can exploit this to inject these wildcards into search queries, causing broader matches than intended and leading to information disclosure. This is classified under CWE-943 (Improper Neutralization of Special Elements in Data Query Logic). The vulnerability has a CVSS 4.0 score of 6.9 (medium severity).
Potential Impact
An unauthenticated attacker can manipulate search queries to include SQL LIKE wildcards, resulting in the disclosure of information that was not intended to be accessible through the search functionality. This could expose sensitive or restricted content stored in the FAQ database.
Mitigation Recommendations
Upgrade phpMyFAQ to version 4.1.1 or later, where this vulnerability has been patched. No other mitigation is required as the fix is officially available.
CVE-2026-34973: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in thorsten phpMyFAQ
Description
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability (CVE-2026-34973) in phpMyFAQ affects versions before 4.1.1. The searchCustomPages() method uses real_escape_string() to sanitize input, but this function does not escape SQL LIKE wildcards '%' and '_'. An attacker can exploit this to inject these wildcards into search queries, causing broader matches than intended and leading to information disclosure. This is classified under CWE-943 (Improper Neutralization of Special Elements in Data Query Logic). The vulnerability has a CVSS 4.0 score of 6.9 (medium severity).
Potential Impact
An unauthenticated attacker can manipulate search queries to include SQL LIKE wildcards, resulting in the disclosure of information that was not intended to be accessible through the search functionality. This could expose sensitive or restricted content stored in the FAQ database.
Mitigation Recommendations
Upgrade phpMyFAQ to version 4.1.1 or later, where this vulnerability has been patched. No other mitigation is required as the fix is officially available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T19:38:31.616Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ce8676e6bfc5ba1de33847
Added to database: 4/2/2026, 3:08:38 PM
Last enriched: 4/9/2026, 10:42:27 PM
Last updated: 5/20/2026, 9:38:31 PM
Views: 68
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.