Main Vulnerability Database Exploits ID:4015 - Exploit for Permissions, Privileges, and Access Controls in PHP-Fusion - CVE-2013-1807

ID:4015 - Exploit for Permissions, Privileges, and Access Controls in PHP-Fusion - CVE-2013-1807

Published: August 11, 2020

Vulnerability identifier: #VU41735

Vulnerability risk: Medium

CVE-ID: CVE-2013-1807

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
PHP-Fusion

Link to public exploit:

https://www.exploit-db.com/exploits/24562/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.

Remediation

Install update from vendor's website.

ID:4015 - Exploit for Permissions, Privileges, and Access Controls in PHP-Fusion - CVE-2013-1807

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human