An unauthenticated SQL injection vulnerability in phpMyFAQ allows attackers to extract sensitive data, including administrative tokens and credentials, from the backend database.

The application fails to sanitize User-Agent headers before incorporating them into database queries, allowing unauthenticated attackers to perform time-based blind SQL injection.

The exposure of administrative credentials and tokens enables full application takeover and sensitive data breach. A CVSS score of 9.8 highlights the critical danger of this unauthenticated data access.

Immediate Action: Update phpMyFAQ to version 4.1.2 or later to patch the vulnerable captcha methods.

Proactive Monitoring: Monitor database query logs for time-intensive queries or patterns associated with SQL injection attempts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with SQL injection protection rules to filter malicious User-Agent headers.

Public Exploit Available: false

This vulnerability provides a direct pathway to database compromise. Immediate patching is required to prevent unauthorized access to sensitive application data.