Description
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) sequence in the LANGCODE parameter. It also allows direct code injection via the User-Agent field of a request, which can be activated by using LANGCODE to reference the user tracking data file.
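A log-review check for the two request patterns described above, added here as an example and not taken from PhpMyFaq or from this advisory. It assumes web-server access logs in the "combined" format; the finding names, the sample lines and the rule that a language code never contains a path separator are assumptions of the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# "combined" access-log line; anything that does not match is reported as unparsed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample lines (documentation IPs, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?LANGCODE=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "<?php /* constructed marker */ ?>"',
    '192.0.2.66 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?LANGCODE=%252e%252e%2fPLACEHOLDER HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client_ip, findings) for one log line; an empty set means clean."""
    m = LOG_RE.match(line)
    if not m:
        return None, {"unparsed"}
    findings = set()
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if name.upper() != "LANGCODE":
            continue
        value = fully_decode(value).replace("\\", "/")
        # Assumption: a legitimate language code has no dots-dots, slashes or NULs.
        if ".." in value or "/" in value or "\x00" in value:
            findings.add("langcode-traversal")
    if "<?" in fully_decode(m["ua"]):
        findings.add("php-in-user-agent")
    return m["ip"], findings

def chained_sources(lines):
    """Client IPs that show both halves of the chain the description names."""
    seen = {}
    for line in lines:
        ip, findings = classify(line)
        if ip:
            seen.setdefault(ip, set()).update(findings)
    both = {"langcode-traversal", "php-in-user-agent"}
    return sorted(ip for ip, found in seen.items() if both <= found)
```

Lines reported as `unparsed` (for example a User-Agent containing an escaped quote) deserve manual review rather than being dropped.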
Remediation
References