[MEDIUM] phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)

PKSA-mvwk-xn5v-s54b CVE-2026-24420 GHSA-7p9h-m7m8-vhhv

Affected package: thorsten/phpmyfaq

Affected version: <=4.0.16

Reported by:
GitHub