CVE-2014-6048
The CVE-2014-6048 flaw affects phpMyFAQ before version 2.8.13, where an attacker can read arbitrary attachments via a direct request due to a missing check on whether an attachment is being requested. Public references describe unauthenticated read access and verify the core issue as improper acc...