Description
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.
Published: 2026-04-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability is a LIKE wildcard injection in phpMyFAQ's Search.php before version 4.1.1. The searchCustomPages() method uses real_escape_string() but does not escape SQL LIKE metacharacters % and _, allowing attackers to inject these wildcards into search queries. This causes the database to match records that were not intended to be returned, resulting in unauthorized disclosure of FAQ content. The weakness is identified as CWE-943.
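To make the mechanism concrete, here is an added example (not phpMyFAQ's code) that places the pre-4.1.1 search pattern beside a hardened one. It uses Python's sqlite3 with constructed sample rows in place of phpMyFAQ's MySQL table; the names escape_like, search_weak, search_hardened and the sample data are assumptions for this illustration, and a bind parameter stands in for real_escape_string().

```python
import sqlite3

# Constructed sample rows (not phpMyFAQ data): two public pages and one draft
# that a search should only return on a genuine, literal match.
SAMPLE_PAGES = [
    (1, "How to reset your password", "Use the reset link on the login page."),
    (2, "Billing FAQ", "Invoices are sent monthly."),
    (3, "DRAFT: 100% internal runbook", "Not meant for public search."),
]

def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER, title TEXT, content TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_PAGES)
    return conn

def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so the term is matched literally.
    Quote escaping protects the string literal but leaves % and _ as
    wildcards; the escape character is doubled first so that the escapes
    inserted afterwards are not themselves re-escaped."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_weak(term):
    """Pre-4.1.1 pattern: the term is safely quoted (bind parameter here,
    real_escape_string() in the original) but % and _ still act as wildcards."""
    conn = _connect()
    rows = conn.execute(
        "SELECT id FROM pages WHERE title LIKE ? OR content LIKE ? ORDER BY id",
        ("%" + term + "%", "%" + term + "%"),
    ).fetchall()
    return [r[0] for r in rows]

def search_hardened(term):
    """Same query with the term's metacharacters escaped and an explicit
    ESCAPE clause so the database knows which character neutralises them."""
    conn = _connect()
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT id FROM pages WHERE title LIKE ? ESCAPE '\\' "
        "OR content LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern, pattern),
    ).fetchall()
    return [r[0] for r in rows]
```

A lone % or _ as the search term returns every row through search_weak but only literal matches through search_hardened, which is the difference the advisory describes.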

Affected Systems

The flaw affects the open-source phpMyFAQ application published by thorsten. Any installation running a version earlier than 4.1.1, in particular 4.1.0 and older, is susceptible. The issue is fixed in phpMyFAQ 4.1.1.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity vulnerability. With an EPSS score below 1% and no presence in the CISA KEV catalog, the likelihood of exploitation is low, but the impact remains significant for exposed FAQ data. An unauthenticated attacker can trigger the vulnerability by submitting crafted search terms through the web interface, which is a remote attack vector. Successful exploitation leads to partial data breach of FAQ entries that were not intended for public view.

Generated by OpenCVE AI on April 6, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update phpMyFAQ to version 4.1.1 or newer.

Advisories

Source: GitHub GHSA
ID: GHSA-gcp9-5jc8-976x
Title: phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure

History

Mon, 06 Apr 2026 16:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Phpmyfaq; Phpmyfaq phpmyfaq
CPEs                                   cpe:2.3:a:phpmyfaq:phpmyfaq:4.1.0:*:*:*:*:*:*:*
Vendors & Products                     Phpmyfaq; Phpmyfaq phpmyfaq
Metrics                                cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Fri, 03 Apr 2026 20:15:00 +0000

Type                  Values Removed   Values Added
Metrics                                ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 20:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Thorsten; Thorsten phpmyfaq
Vendors & Products                     Thorsten; Thorsten phpmyfaq

Thu, 02 Apr 2026 15:15:00 +0000

Type                  Values Removed   Values Added
Description                            phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.
Title                                  phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
Weaknesses                             CWE-943
References
Metrics                                cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T18:24:15.944Z

Reserved: 2026-03-31T19:38:31.616Z

Link: CVE-2026-34973

Vulnrichment

Updated: 2026-04-03T18:24:03.413Z

NVD

Status : Analyzed

Published: 2026-04-02T15:16:51.750

Modified: 2026-04-06T16:11:33.393

Link: CVE-2026-34973

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T07:56:10Z

Weaknesses