CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

ThinkPHP50-CMS 代码问题漏洞

ThinkPHP50-CMS is a CMS based on ThinkPHP 5.0.18. A code issue vulnerability exists in ThinkPHP50-CMS that stems from improper implementation of functional logic in the product /public/?s=captcha link. An attacker could use this vulnerability to cause code execution. The following products and...