Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6048)

Description

phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.

Remediation

References

Related Vulnerabilities

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.11)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-1941)

Seo Panel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39413)

Apache HTTP Server Improper Privilege Management Vulnerability (CVE-2026-44119)

Drupal Core 8.9.x Cross-Site Request Forgery (8.9.0 - 8.9.18)

Severity

Medium

Classification

CVE-2014-6048 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities