{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T13:53:53.017","vulnerabilities":[{"cve":{"id":"CVE-2026-24420","sourceIdentifier":"security-advisories@github.com","published":"2026-01-24T03:16:00.760","lastModified":"2026-01-28T18:25:46.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version"},{"lang":"es","value":"phpMyFAQ es una aplicación web de FAQ de código abierto. Las versiones 4.0.16 e inferiores permiten a un usuario autenticado sin el permiso dlattachment descargar archivos adjuntos de FAQ debido a una verificación de permisos incompleta. La presencia de una clave correcta se valida incorrectamente como prueba de autorización en attachment.php. Además, la lógica de permisos de grupo y usuario contiene una expresión condicional defectuosa que puede permitir el acceso no autorizado. Este problema ha sido solucionado en la versión"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.17","matchCriteriaId":"8A48918B-2C09-403F-A8A5-8179AE32363E"}]}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}