Improper Permission Check in phpMyFAQ Affects User Data Access
CVE-2014-6047

5.3MEDIUM

Key Information:

Vendor: pHPMyFAQ
Status: pHPMyFAQ
Vendor: CVE Published:; 28 August 2018

What is CVE-2014-6047?

The vulnerability in phpMyFAQ prior to version 2.8.13 allows authenticated users with specific permissions to bypass attachment download restrictions. This flaw occurs due to inadequate permissions validation, enabling unauthorized access to arbitrary attachments. As a result, sensitive information might be exposed to users who should not have visibility into these files. It is crucial for users and administrators to upgrade to a fixed version to mitigate potential risks.

References

http://techdefencelabs.com/security-advisories.html

x_refsource_MISC

https://www.phpmyfaq.de/security/advisory-2014-09-16

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2018
Vulnerability Reserved
Sep 1, 2014

JSON

pHPMyFAQ

What is CVE-2014-6047?

References

CVSS V3.1

Timeline