The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777). This allows remote malicious users to download or view the database backups, which have easily guessable filenames and contain the administrator username and password.
Vulnerable Product |
---|
php fusion php fusion 4.0 |