phpMyFAQ/phpMyFAQ is affected by an authorization bypass. A remote authenticated user, with the privileges "Right to add attachments" and "Right to delete attachments" but without the privilege "Right to download the attachments", is able to download and read arbitrary attachments due to incorrect permission checks in the download attachments function in phpmyfaq/attachment.php.
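An added example, not phpMyFAQ's code: a minimal PHP model of a download gate that accepts any attachment right (an assumed shape for the flaw, since the advisory does not show the actual check) beside a gate that requires the download right, with an exhaustive check over every combination of the three rights. The right keys and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical right keys standing in for the three privileges named in the advisory.
const RIGHT_ADD = 'attachment_add';
const RIGHT_DELETE = 'attachment_delete';
const RIGHT_DOWNLOAD = 'attachment_download';

// Assumed shape of the flaw: any attachment-related right opens the download path.
function canDownloadFlawed(array $rights): bool
{
    return in_array(RIGHT_ADD, $rights, true)
        || in_array(RIGHT_DELETE, $rights, true)
        || in_array(RIGHT_DOWNLOAD, $rights, true);
}

// Hardened gate: only the download right authorizes a download.
function canDownloadFixed(array $rights): bool
{
    return in_array(RIGHT_DOWNLOAD, $rights, true);
}

// Enumerate every subset of the three rights and return the subsets for which
// the gate allows a download although the download right is not held.
function findBypasses(callable $gate): array
{
    $all = [RIGHT_ADD, RIGHT_DELETE, RIGHT_DOWNLOAD];
    $bypasses = [];
    for ($mask = 0; $mask < (1 << count($all)); $mask++) {
        $rights = [];
        foreach ($all as $bit => $right) {
            if ($mask & (1 << $bit)) {
                $rights[] = $right;
            }
        }
        if ($gate($rights) && !in_array(RIGHT_DOWNLOAD, $rights, true)) {
            $bypasses[] = $rights;
        }
    }
    return $bypasses;
}

// Report each gate's bypassing combinations; a correct gate reports none.
foreach (['canDownloadFlawed', 'canDownloadFixed'] as $gate) {
    $found = findBypasses($gate);
    printf("%s: %d bypassing combination(s)\n", $gate, count($found));
    foreach ($found as $rights) {
        printf("  allowed with [%s]\n", implode(', ', $rights));
    }
}
```

Run as a regression check, a non-empty result from `findBypasses` for the gate in use means download access is being derived from a right other than the download right.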