CVE-2026-24420
BaseFortify
Publication date: 2026-01-24
Last updated on: 2026-01-28
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpmyfaq | phpmyfaq | to 4.0.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a broken access control issue in phpMyFAQ version 4.0.16 and below. It allows authenticated users who do not have the 'dlattachment' permission to download FAQ attachments. The problem arises from a flawed permission check in the attachment.php file, where the presence of a permission key is improperly validated using isset(), which returns true even if the permission value is false. This causes the access control logic to rely mainly on group permissions, potentially allowing unauthorized users to access attachments they should not be able to download. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is a confidentiality breach. Unauthorized users who are logged in but lack the proper 'dlattachment' permission can download potentially sensitive FAQ attachments. This could lead to exposure of confidential information contained in those attachments. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to download FAQ attachments as a logged-in user who does not have the "dlattachment" permission. A proof of concept involves authenticating as a non-admin user without the "dlattachment" right and then requesting the attachment download endpoint. This can be done using curl commands to authenticate and then download the attachment, checking if unauthorized access is possible. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade phpMyFAQ to version 4.0.17 or later, where the issue has been fixed. Until the upgrade can be performed, restrict access to the attachment download endpoint to only authorized users and review user permissions to ensure that unauthorized users do not have access to attachments. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability leads to unauthorized access to FAQ attachments, causing a confidentiality breach. Such unauthorized disclosure of potentially sensitive information could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive data. However, specific compliance impacts are not detailed in the provided resources. [1]