Description
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
Remediation
References
Related Vulnerabilities
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401)
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.18.727)
WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8)
WordPress Plugin Simple visitor stat Cross-Site Scripting (1.0)
WordPress Plugin FG PrestaShop to WooCommerce Cross-Site Scripting (3.19.1)