Permission Issues
CVE-2014-6047
Summary
phpMyFAQ 2.9.0-alpha and versions before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-275 - Permission Issues
Weaknesses in this category are related to improper assignment or handling of permissions.
References
Advisory Timeline
- Published
