Description

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.

Remediation

References

CVE-2013-1807

Related Vulnerabilities

WordPress Plugin ICustomizer Cross-Site Scripting (1.4.13)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17312)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.1.6)

Jenkins Resource Management Errors Vulnerability (CVE-2014-3661)

Oracle Database Server Other Vulnerability (CVE-2005-3437)

Severity

Medium

Classification

CVE-2013-1807 CWE-264

Tags

Missing Update Known Vulnerabilities