Main Vulnerability Database Exploits ID:12635 - Exploit for Improper Neutralization of Special Elements in Data Query Logic in phpMyFAQ - CVE-2026-34973

ID:12635 - Exploit for Improper Neutralization of Special Elements in Data Query Logic in phpMyFAQ - CVE-2026-34973

Published: April 23, 2026

Vulnerability identifier: #VU126885

Vulnerability risk: Medium

CVE-ID: CVE-2026-34973

CWE-ID: CWE-943

Exploitation vector: Remote access

Vulnerable software:
phpMyFAQ

Link to public exploit:

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper neutralization of special elements in data query logic within searchCustomPages() in Search.php. A remote attacker can gain access to sensitive information.

Remediation

Install updates from vendor's website.

ID:12635 - Exploit for Improper Neutralization of Special Elements in Data Query Logic in phpMyFAQ - CVE-2026-34973

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human