Skip to main content

Php Fusion CVE-2013-1807

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2014-04-30 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 30, 2014 - 23:58 cve.org
MEDIUM 5.0

DescriptionCVE.org

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.

AnalysisAI

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Technical ContextAI

This vulnerability is classified under CWE-264. PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/. Affected products include: Php-Fusion. Version information: before 7.02.06.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-1806 MEDIUM POC
6.5 Apr 30

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include an

CVE-2020-24949 HIGH POC
8.8 Sep 03

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a cr

CVE-2020-12461 HIGH POC
8.8 Apr 29

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. Rated high severi

CVE-2019-12099 HIGH POC
8.8 May 14

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dyn

CVE-2013-7375 HIGH POC
7.5 May 05

SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remo

CVE-2013-1803 HIGH POC
7.5 May 05

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL comm

CVE-2014-8596 HIGH POC
7.5 Nov 17

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL c

CVE-2020-14960 HIGH POC
7.2 Jun 22

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype param

CVE-2020-17450 MEDIUM POC
6.1 Aug 12

PHP-Fusion 9.03 allows XSS on the preview page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploit

CVE-2020-12708 MEDIUM POC
6.1 May 07

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web scrip

CVE-2013-1804 MEDIUM POC
4.3 Apr 29

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitr

CVE-2015-8375 MEDIUM POC
5.4 Sep 25

Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. Rated medium severity (CVSS 5.4), this vulnerability is remote

Share

CVE-2013-1807 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy