CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6048 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6048
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos lean archivos adjuntos arbitrarios mediante una petición directa. • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6049 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6049
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con privilegios de administrador omitan la autorización mediante un parámetro ID de instancia manipulado. • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6047 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6047
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos lean archivos adjuntos arbitrarios aprovechando comprobaciones incorrectas del permiso "download an attachment". • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-275: Permission Issues •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6045 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6045
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. Vulnerabilidad de inyección SQL en phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la función restore. • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6050 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6050
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos omitan el mecanismo de protección CAPTCHA reproduciendo la petición. • https://www.exploit-db.com/exploits/34580 http://techdefencelabs.com/security-advisories.html https://www.phpmyfaq.de/security/advisory-2014-09-16 • CWE-254: 7PK - Security Features •