phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6049
Reference (s):
- https://www.phpmyfaq.de/security/advisory-2014-09-16
- http://techdefencelabs.com/security-advisories.html