CVE-2026-46364: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in thorsten phpmyfaq
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.
AI Analysis
Technical Summary
CVE-2026-46364 is an unauthenticated SQL injection vulnerability affecting phpMyFAQ versions prior to 4.1.2. The flaw exists in the BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods, which incorporate unsanitized User-Agent HTTP headers into SQL DELETE and INSERT statements. Attackers can exploit this by sending malicious User-Agent headers to the GET /api/captcha endpoint, enabling time-based blind SQL injection attacks. This allows extraction of sensitive database information including user credentials, administrative tokens, and SMTP credentials. The vulnerability is rated critical with a CVSS 3.1 base score of 9.8. No patch or official remediation is currently documented, and the product is not a cloud service.
Potential Impact
Successful exploitation of this vulnerability allows unauthenticated attackers to perform time-based blind SQL injection attacks against the phpMyFAQ database. This can lead to unauthorized disclosure of sensitive information such as user credentials, admin tokens, and SMTP credentials. The impact includes full confidentiality, integrity, and availability compromise of the affected system's database. Given the critical CVSS score of 9.8, the vulnerability poses a severe risk to affected installations.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the /api/captcha endpoint or implementing web application firewall (WAF) rules to block malicious User-Agent headers targeting this endpoint. Monitoring for unusual traffic patterns to this API may also help detect exploitation attempts. Avoid exposing vulnerable versions of phpMyFAQ to untrusted networks.
CVE-2026-46364: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in thorsten phpmyfaq
Description
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.
CVSS v3.1
Score 9.8critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46364 is an unauthenticated SQL injection vulnerability affecting phpMyFAQ versions prior to 4.1.2. The flaw exists in the BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods, which incorporate unsanitized User-Agent HTTP headers into SQL DELETE and INSERT statements. Attackers can exploit this by sending malicious User-Agent headers to the GET /api/captcha endpoint, enabling time-based blind SQL injection attacks. This allows extraction of sensitive database information including user credentials, administrative tokens, and SMTP credentials. The vulnerability is rated critical with a CVSS 3.1 base score of 9.8. No patch or official remediation is currently documented, and the product is not a cloud service.
Potential Impact
Successful exploitation of this vulnerability allows unauthenticated attackers to perform time-based blind SQL injection attacks against the phpMyFAQ database. This can lead to unauthorized disclosure of sensitive information such as user credentials, admin tokens, and SMTP credentials. The impact includes full confidentiality, integrity, and availability compromise of the affected system's database. Given the critical CVSS score of 9.8, the vulnerability poses a severe risk to affected installations.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the /api/captcha endpoint or implementing web application firewall (WAF) rules to block malicious User-Agent headers targeting this endpoint. Monitoring for unusual traffic patterns to this API may also help detect exploitation attempts. Avoid exposing vulnerable versions of phpMyFAQ to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-05-13T19:40:27.809Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a076ec4ec166c07b0830ab6
Added to database: 5/15/2026, 7:06:44 PM
Last enriched: 5/28/2026, 7:59:32 PM
Last updated: 6/2/2026, 4:25:44 PM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.