phpMyFAQ is prone to an arbitrary file disclosure vulnerability that can allow a remote attacker to gain access to potentially sensitive information. This vulnerability exists due to insufficient sanitization of user-supplied data via the 'action' parameter. An attacker can disclose files by passing a relative path to a file and concatenating the path with a '\0' string terminator. phpMyFAQ version 1.3.12 is prone to this issue.
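One way to validate a page selector such as the 'action' parameter before it reaches a file path, shown as an added example and not phpMyFAQ's own code. The function name, the allowlist entries, the `.php` suffix and the directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical page names; not taken from phpMyFAQ.
const ALLOWED_ACTIONS = ['main', 'search', 'show', 'contact'];

/** Map a user-supplied 'action' value to a template path, or return null. */
function resolveAction(string $action, string $baseDir): ?string
{
    // Reject NUL bytes outright: a C-level file API stops reading at '\0',
    // so a suffix appended after it (such as ".php") is silently dropped.
    if (strpos($action, "\0") !== false) {
        return null;
    }
    // Only short lowercase identifiers: no dots, slashes or backslashes.
    if (preg_match('/\A[a-z0-9_]{1,32}\z/', $action) !== 1) {
        return null;
    }
    // Allowlist: the value must name a known page.
    if (!in_array($action, ALLOWED_ACTIONS, true)) {
        return null;
    }
    // Defence in depth: the resolved path must stay inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $action . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding a single page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'faq_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'main.php', "<?php // demo page\n");

// Constructed inputs: one valid page, one allowlisted but missing page,
// and several malformed values of the kind the advisory describes.
$samples = ['main', 'search', "../../some/file\0", '../main', 'main.php', ''];
foreach ($samples as $s) {
    $r = resolveAction($s, $dir);
    printf("%-28s => %s\n", json_encode($s), $r === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'main.php');
rmdir($dir);
```

Only `main` is accepted: the relative paths and the NUL-terminated value fail the character checks, and `search` fails because no such file exists under the base directory.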