CVE-2026-46359— phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46359
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields
Source: NVD (National Vulnerability Database)
Vulnerability Description
phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-46359
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46359
请登录查看更多情报信息。
Same Patch Batch · thorsten · 2026-05-15 · 13 CVEs total
| CVE-2026-46364 | 9.8 CRITICAL | phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha |
| CVE-2026-45010 | 9.1 CRITICAL | phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint |
| CVE-2026-46367 | 7.6 HIGH | phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rendering |
| CVE-2026-46366 | 7.5 HIGH | phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypas |
| CVE-2026-46361 | 6.9 MEDIUM | phpMyFAQ - Stored Cross-Site Scripting via raw Filter in search.twig |
| CVE-2026-45008 | 6.5 MEDIUM | phpMyFAQ - Path Traversal in Client::deleteClientFolder via URL Parameter |
| CVE-2026-46362 | 6.5 MEDIUM | phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check |
| CVE-2026-46360 | 5.4 MEDIUM | phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer |
| CVE-2026-46363 | 5.4 MEDIUM | phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass |
| CVE-2026-46365 | 5.4 MEDIUM | phpMyFAQ - Missing Authorization in Tag Deletion Endpoint |
| CVE-2026-45007 | 4.3 MEDIUM | phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information D |
| CVE-2026-45009 | 4.3 MEDIUM | phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints |
IV. Related Vulnerabilities
Same product: phpmyfaq
- CVE-2026-46367
phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rende - CVE-2026-46366
phpMyFAQ - Unauthenticated Information Disclosure via getIdF - CVE-2026-46365
phpMyFAQ - Missing Authorization in Tag Deletion Endpoint - CVE-2026-46364
phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCap - CVE-2026-46363
phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Deco
Same vendor: thorsten
- CVE-2026-46367
phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rende - CVE-2026-46366
phpMyFAQ - Unauthenticated Information Disclosure via getIdF - CVE-2026-46365
phpMyFAQ - Missing Authorization in Tag Deletion Endpoint - CVE-2026-46364
phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCap - CVE-2026-46363
phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Deco
Same weakness: CWE-89
- CVE-2026-45800
Vvveb: Authenticated SQL injection in /user/orders via order - CVE-2026-46364
phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCap - CVE-2021-47966
PHP Timeclock 1.04 SQL Injection via login.php - CVE-2026-7046
NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - - CVE-2026-42847
ClipBucket: Improper Neutralization of Special Elements used
V. Comments for CVE-2026-46359
No comments yet