phpMyFAQ prior to 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyfaq phpmyfaq |