Description

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.

Remediation

References

CVE-2014-6049

Related Vulnerabilities

Oracle Database Server CVE-2014-6546 Vulnerability (CVE-2014-6546)

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)

LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9960)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)

Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27426)

Severity

Low

Classification

CVE-2014-6049 CWE-285 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities