The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote malicious users to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php fusion php fusion 4.00 |