Description

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.

Remediation

References

CVE-2013-1807

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-7584)

PHP Other Vulnerability (CVE-2007-1889)

phpBB Improper Initialization Vulnerability (CVE-2001-1471)

MySQL CVE-2013-1511 Vulnerability (CVE-2013-1511)

WordPress Plugin Universal Post Manager Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.9)

Severity

Medium

Classification

CVE-2013-1807 CWE-264

Tags

Missing Update Known Vulnerabilities