phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
References
Link | Resource |
---|---|
http://techdefencelabs.com/security-advisories.html | Third Party Advisory |
https://www.phpmyfaq.de/security/advisory-2014-09-16 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-08-28 17:29
Updated : 2024-02-28 16:48
NVD link : CVE-2014-6047
Mitre link : CVE-2014-6047
CVE.ORG link : CVE-2014-6047
JSON object : View
Products Affected
phpmyfaq
- phpmyfaq
CWE
CWE-275
Permission Issues