CVE-2014-6047

MEDIUM

phpMyFAQ <2.8.13 - Info Disclosure

Title source: llm

Description

phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/34580

View Code ZIP pw:eip

References (2)

[Third Party Advisory] http://techdefencelabs.com/security-advisories.html

[Vendor Advisory] https://www.phpmyfaq.de/security/advisory-2014-09-16

Scores

CVSS v3 5.3

EPSS 0.0467

EPSS Percentile 89.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-275

Status published

Products (1)

phpmyfaq/phpmyfaq < 2.8.13

Published Aug 28, 2018

Tracked Since Feb 18, 2026