phpMyFAQ 1.4.0 allows remote malicious users to access the Image Manager to upload or delete images without authorization via a direct request.
phpmyfaq phpmyfaq 1.4.0