Vulnerability CVE-2014-6049
Published: 2018-08-28

Description:
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.

Type:

CWE-285

 (Improper Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Phpmyfaq -> Phpmyfaq 

 References:
http://techdefencelabs.com/security-advisories.html
https://www.phpmyfaq.de/security/advisory-2014-09-16
Copyright 2024, cxsecurity.com

 

Back to Top