Description
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
Remediation
References
Related Vulnerabilities
WordPress Plugin Catch Themes Demo Import Security Bypass (1.5)
WordPress Plugin Process Steps Template Designer Cross-Site Request Forgery (1.2.1)
WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.1.4)
Drupal Core Cross-Site Scripting (8.0.0 - 9.2.21)
WordPress Plugin underConstruction Cross-Site Request Forgery (1.08)