CVE-2026-46359
Severity: HIGH
phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields
Title source: cnaDescription
phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.
References (2)
Core References
Vendor Advisory vendor-advisory
GHSA Advisory GHSA-pm8c-3qq3-72w7
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7
Third Party Advisory third-party-advisory
VulnCheck Advisory: phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields
https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields
Scores
CVSS v3
7.5
EPSS
0.0021
EPSS Percentile
11.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (4)
phpmyfaq/phpmyfaq
0 - 4.1.2 (Packagist)
thorsten/phpmyfaq
< 4.1.2
thorsten/phpmyfaq
0 - 4.1.2 (Packagist)
thorsten/phpmyfaq
4.1.2
Published
May 15, 2026
Tracked Since
May 16, 2026