High severity7.5NVD Advisory· Published May 15, 2026· Updated May 28, 2026
CVE-2026-46359
CVE-2026-46359
Description
phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
thorsten/phpmyfaqPackagist | < 4.1.2 | 4.1.2 |
phpmyfaq/phpmyfaqPackagist | < 4.1.2 | 4.1.2 |
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.