GHSA-ch9q-c9mp-j5gq
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references.
Original Description
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.
Package Versions Affected
Automatically patch vulnerabilities without upgrading
CVSS Version
Related Resources
References
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w, https://nvd.nist.gov/vuln/detail/CVE-2026-46364, https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92, https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha
Basic Information
