Improper Authorization
CVE-2014-6049
Summary
phpMyFAQ 2.9.0-alpha and versions before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- HIGH
- NONE
- NONE
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published