Description
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
Remediation
References
Related Vulnerabilities
ReviveAdserver Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-22948)
WordPress Plugin WP Widget Cache Cross-Site Scripting (0.26)
Nginx Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2263)
Magento Improper Authorization Vulnerability (CVE-2020-24402)
WordPress Plugin WP Booking System Multiple Vulnerabilities (1.5.1)