PHP-Fusion prior to 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote malicious users to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php-fusion php-fusion |
||
php-fusion php-fusion 7.02.02 |
||
php-fusion php-fusion 7.02.01 |
||
php-fusion php-fusion 7.02.04 |
||
php-fusion php-fusion 7.02.03 |