CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

PT-2026-41366

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An unauthenticated SQL injection exists in the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods. The issue occurs when unsanitized User-Agent headers are interpolated into...

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...

GHSA-289F-FQ7W-6Q2W phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Summary BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha at phpmyfaq/src/phpMyFAQ/Captcha/BuiltinCaptcha.php:298 and :330 interpolate the User-Agent header and client IP address into DELETE and INSERT queries with sprintf and no escaping. Both methods run on every hit to the publi...

Cross-site Scripting

pyloadng is vulnerable to Cross-site Scripting. The vulnerability is due to unsafe handling of untrusted parameters in the Captcha and CNL endpoints, allowing attackers to inject malicious content or manipulate request processing, leading to Cross-site Scripting or other unintended behaviors...

CVE-2025-61773

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...

CVE-2025-61773

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...

CVE-2025-61773

pyLoad (pre-0.5.0b3.dev91) web UI input validation is insufficient in the Captcha script endpoint and the Click'N'Load (CNL) blueprint, allowing untrusted input to be processed unsafely and enabling client-side code execution (XSS) or other unintended behavior. A patch exists in version 0.5.0b3.d...

CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...

CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...

GHSA-CJJF-27CC-PVMV pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters

Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...

pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters

Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...

PT-2025-41449

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev91 Description pyLoad is a free and open-source download manager written in Python. Versions prior to 0.5.0b3.dev91 have insufficient input validation in the web interface, specifically in the Captcha script...

pyLoad 安全漏洞

pyLoad is a free and open source download manager written in Python by pyLoad Open Source. A security vulnerability exists in pyLoad versions prior to 0.5.0b3.dev91, which stems from insufficient input validation in the Captcha script endpoint and Click N Load Blueprint, and could lead to...