Description
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Classifieds & Directory Pro Cross-Site Scripting (1.7.5)
WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)
Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)
WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery (0.9.5.1)