Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.15 views

CVE-2026-46359

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:17 p.m.22 views

CVE-2026-46359

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

7.7CVSS0.00212EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:44 p.m.9 views

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:44 p.m.6 views

SQL Injection

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References2
Rows per page
Query Builder