CVE-2026-46364 Scanner - SQL Injection (SQLi) vulnerability in phpMyFAQ
Short Info
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 22 hours
Scan only one: Domain, Subdomain, IPv4
phpMyFAQ is a popular open-source FAQ system used by numerous websites for managing frequently asked questions. It's employed in environments ranging from small websites to large enterprise settings. The platform provides a robust and flexible solution for centralized knowledge management and user support, making it a valuable tool for organizations looking to enhance their customer service capabilities. Typically managed by web administrators or IT personnel, phpMyFAQ integrates into a wide variety of web servers and hosting setups. Its user-friendly interface and expansive feature set have made it a preferred choice for users looking for a seamless and efficient FAQ management solution.
The SQL injection vulnerability in phpMyFAQ arises from improper sanitization of the User-Agent header in specific functions. Attackers can inject SQL commands through the unsanitized header, potentially gaining unauthorized access to sensitive information. Because the vulnerability is exploitable without authentication, attackers need no credentials, which significantly increases the threat. The flaw affects phpMyFAQ versions up to and including 4.1.1. It presents a severe risk because it can be used to compromise databases and extract key information.
The flaw is located in the BuiltinCaptcha::garbageCollector() and saveCaptcha() methods. Vulnerable endpoints, such as the public GET /api/captcha endpoint, are the attack vector: the injection arrives in a malicious User-Agent header. Using time-based blind SQL injection, an attacker can extract data by manipulating the queries run against the database. Data at risk includes user credentials, administrative tokens, and SMTP credentials.
When exploited, this vulnerability allows attackers to obtain sensitive data from the target system, creating opportunities for further infiltration. Compromised data might include user login information, administrative tokens, or SMTP details, potentially endangering wider system security. Such exposure can lead to unauthorized data access, identity theft, or disruption of services. Addressing this vulnerability is thus critical to maintain data integrity and prevent unauthorized exploitation.
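A log-review check for the User-Agent vector on GET /api/captcha described above, as an added example that is not part of the original page or of phpMyFAQ. It assumes combined-format web server access logs; the marker patterns, function names and sample lines are constructed for illustration.

```python
import re

# Combined Log Format (assumed): ip - - [ts] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Heuristic markers (assumptions, not vendor signatures): content that has no
# place in a browser User-Agent but is typical of SQL injection attempts.
SQL_MARKERS = [
    ("quote", re.compile(r"['`]|\\x27|%27", re.I)),
    ("comment", re.compile(r"--|/\*")),
    ("delay", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)),
    ("keyword", re.compile(r"\b(union|select)\b", re.I)),
]


def is_captcha_endpoint(path):
    """True for /api/captcha, also when phpMyFAQ lives in a subdirectory."""
    return path.split("?", 1)[0].rstrip("/").endswith("/api/captcha")


def scan(lines):
    """Return (ip, timestamp, marker names) for suspicious captcha requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "GET" or not is_captcha_endpoint(m["path"]):
            continue
        hits = [name for name, rx in SQL_MARKERS if rx.search(m["ua"])]
        if hits:
            findings.append((m["ip"], m["ts"], hits))
    return findings


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /api/captcha HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /api/captcha HTTP/1.1" 200 512 "-" "constructed-ua\' AND SLEEP(5)-- "',
    '203.0.113.4 - - [01/Jan/2026:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "probe\' sleep(1)"',
]

if __name__ == "__main__":
    for ip, ts, hits in scan(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious User-Agent on /api/captcha: {', '.join(hits)}")
```

Because the technique described is time-based, adding request duration to the log format (Apache `%D`, nginx `$request_time`) lets these matches be correlated with unusually slow captcha responses.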