CVE-2026-46364 | thorsten phpMyFAQ up to 4.1.1 /api/captcha saveCaptcha sql injection (GHSA-289f-fq7w-6q2w)

A vulnerability labeled as critical has been found in thorsten phpMyFAQ up to 4.1.1. Impacted is the function BuiltinCaptcha::garbageCollector/BuiltinCaptcha::saveCaptcha of the file /api/captcha. The manipulation results in sql injection.

This vulnerability was named CVE-2026-46364. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More