PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-04-30T22:00:00
Updated: 2014-04-30T21:57:00
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-1807
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-04-30T23:58:26.593
Modified: 2014-05-01T15:35:01.293
Link: CVE-2013-1807
JSON object: View
Redhat Information
No data.
CWE