phpMyFAQ is an open-source FAQ web application widely used for managing frequently asked questions and related documentation. In versions 4.0.16 and earlier, a critical flaw exists in the attachment download functionality (attachment.php) where permission checks are improperly implemented. Specifically, the application incorrectly validates the presence of a 'right key' as sufficient proof of authorization, bypassing the intended 'dlattachment' permission requirement. Additionally, the logic that evaluates group and user permissions contains a flawed conditional expression, which can inadvertently grant unauthorized users access to download attachments. This improper access control vulnerability falls under CWE-284 and allows any authenticated user, regardless of their assigned permissions, to access and download FAQ attachments that should be restricted. The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network. The CVSS 3.1 base score of 6.5 reflects a medium severity, with high confidentiality impact but no impact on integrity or availability. The vulnerability has been addressed and fixed in phpMyFAQ version 4.0.17, where permission checks have been corrected to properly enforce the 'dlattachment' permission and fix the conditional logic errors.

For European organizations using phpMyFAQ versions prior to 4.0.17, this vulnerability poses a significant confidentiality risk. Unauthorized access to FAQ attachments could lead to exposure of sensitive internal documentation, intellectual property, or customer information contained within attachments. This could result in data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. Since phpMyFAQ is often used in customer support and knowledge management contexts, leaked attachments might reveal internal processes or confidential client data. The vulnerability requires authentication, so the attacker must have valid credentials, but these could be obtained through phishing or credential reuse attacks. The flaw does not affect system integrity or availability, but the confidentiality breach alone can have serious consequences for organizations handling sensitive information. The lack of known exploits in the wild reduces immediate risk but should not lead to complacency.

European organizations should immediately upgrade phpMyFAQ installations to version 4.0.17 or later where the vulnerability is fixed. If immediate upgrade is not feasible, implement strict access controls on the phpMyFAQ application, including strong authentication mechanisms and monitoring for unusual attachment download activity. Review and audit user permissions to ensure only authorized users have access to sensitive attachments. Employ network segmentation and web application firewalls (WAFs) to restrict access to the phpMyFAQ server. Additionally, consider disabling attachment downloads temporarily if they are not essential. Conduct regular security assessments and penetration tests focusing on access control mechanisms. Educate users on credential security to reduce the risk of compromised accounts that could exploit this vulnerability.