Skip to main content

Permission Issues

CVE-2014-6047

Severity Medium
Score 5.3/10

Summary

phpMyFAQ 2.9.0-alpha and versions before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-275 - Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

References

Advisory Timeline

  • Published