Vulnerability Description
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php-Fusion | Php-Fusion | <= 7.02.05 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-InjecExploit
- http://seclists.org/fulldisclosure/2013/Feb/154
- http://www.openwall.com/lists/oss-security/2013/03/03/1
- http://www.openwall.com/lists/oss-security/2013/03/03/2
- http://www.osvdb.org/90692
- http://www.osvdb.org/90694
- http://www.osvdb.org/90696
- http://www.php-fusion.co.uk/news.php?readmore=569PatchVendor Advisory
- http://www.waraxe.us/advisory-97.htmlExploit
- http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-InjecExploit
- http://seclists.org/fulldisclosure/2013/Feb/154
- http://www.openwall.com/lists/oss-security/2013/03/03/1
- http://www.openwall.com/lists/oss-security/2013/03/03/2
- http://www.osvdb.org/90692
- http://www.osvdb.org/90694
FAQ
What is CVE-2013-1806?
CVE-2013-1806 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to ...
How severe is CVE-2013-1806?
CVE-2013-1806 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1806?
Check the references section above for vendor advisories and patch information. Affected products include: Php-Fusion Php-Fusion.