CVE-2026-34973
MEDIUMphpMyFAQ <4.1.1 Search.php - LIKE Wildcard Injection
Title source: manualDescription
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x
X_Refsource_Misc x_refsource_misc
https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1
Scores
CVSS v3
5.3
EPSS
0.0034
EPSS Percentile
25.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-943
Status
published
Products (3)
phpmyfaq/phpmyfaq
4.1.0
thorsten/phpmyfaq
0 - 4.1.1Packagist
thorsten/phpMyFAQ
< 4.1.1
Published
Apr 02, 2026
Tracked Since
Apr 02, 2026