Vulnerability Description
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php-Fusion | Php-Fusion | <= 7.02.05 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-InjecExploit
- http://seclists.org/fulldisclosure/2013/Feb/154
- http://www.openwall.com/lists/oss-security/2013/03/03/1
- http://www.openwall.com/lists/oss-security/2013/03/03/2
- http://www.osvdb.org/90691
- http://www.php-fusion.co.uk/news.php?readmore=569PatchVendor Advisory
- http://www.waraxe.us/advisory-97.htmlExploit
- http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-InjecExploit
- http://seclists.org/fulldisclosure/2013/Feb/154
- http://www.openwall.com/lists/oss-security/2013/03/03/1
- http://www.openwall.com/lists/oss-security/2013/03/03/2
- http://www.osvdb.org/90691
- http://www.php-fusion.co.uk/news.php?readmore=569PatchVendor Advisory
- http://www.waraxe.us/advisory-97.htmlExploit
FAQ
What is CVE-2013-1807?
CVE-2013-1807 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information vi...
How severe is CVE-2013-1807?
CVE-2013-1807 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1807?
Check the references section above for vendor advisories and patch information. Affected products include: Php-Fusion Php-Fusion.