Description

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.

Remediation

References

CVE-2013-1807

Related Vulnerabilities

WordPress Plugin Advanced Classifieds & Directory Pro Cross-Site Scripting (1.7.5)

WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3562)

WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery (0.9.5.1)

Severity

Medium

Classification

CVE-2013-1807 CWE-264

Tags

Missing Update Known Vulnerabilities