CVE-2004-2255

Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 1.3.12

Description: The issue allows remote attackers to read arbitrary files and possibly execute local PHP files. This is achieved via the action variable, which is used as part of a template filename.

Recommendations: For phpMyFAQ version 1.3.12, consider restricting access to the action variable to minimize the risk of exploitation. As a temporary workaround, avoid using the action variable in template filenames until a patch is available.