Description
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Remediation
References
Related Vulnerabilities
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)
Joomla Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-15699)
WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4303)