Description phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. Remediation References CVE-2014-6048 Related Vulnerabilities PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3478) WordPress Plugin WP-Live Chat by 3CX Cross-Site Request Forgery (8.0.37) WordPress Plugin Subscriptions & Memberships for PayPal Unspecified Vulnerability (1.1.5) Wordpress Plugin Backup Migration Files or Directories Accessible to External Parties Vulnerability (CVE-2023-6266) WordPress Plugin WP Visitor Statistics (Real Time Traffic) Unspecified Vulnerability (4.8) Severity Medium Classification CVE-2014-6048 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities