CVE-2014-6047

phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt