Description
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-25236)
Squid Improper Input Validation Vulnerability (CVE-2014-3609)
WordPress Plugin Music Store Cross-Site Scripting (1.0.52)
MySQL CVE-2013-3808 Vulnerability (CVE-2013-3808)
WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0)