View full version: PHP-Fusion Public Accessible Database Backups


Giorgius
20-08-2004, 13.33.30
Effects:
y3dips has reported a vulnerability in PHP-Fusion, allowing malicious people to view sensitive data.
1) Path information can be disclosed in error pages by passing invalid input or accessing scripts directly.
Examples:
fusion/fusion_admin/updateuser.php
fusion/fusion_admin/forums_prune.php
2) Database backup files are placed in a publicly accessible folder with easily guessable names. Backups are named using the date and time and are placed in "fusion/fusion_admin/db_backups/".
This has been reported in PHP-Fusion 4.0.0. Other versions may also be affected.

Read:
http://secunia.com/advisories/12336/
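
A local check an administrator could run for issue 2 above, as an added example that is not part of the original post or the advisory: it looks under a web root for the backup folder named in the advisory and reports whether backup files sit there without a blanket deny rule covering them. It assumes Apache with `.htaccess` overrides enabled; the function names and the sample file name are constructed for illustration.

```python
import os
import re
import tempfile

# Folder path taken from the advisory; everything else here is an assumption.
BACKUP_DIR = os.path.join("fusion", "fusion_admin", "db_backups")
# Apache 2.4 and 2.2 spellings of a blanket deny. Heuristic: a match inside a
# <Files> block would also count, so confirm any "covered" result by hand.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$",
                     re.IGNORECASE | re.MULTILINE)

def has_deny_rule(docroot, directory):
    """Walk from `directory` up to `docroot` looking for a deny in .htaccess."""
    docroot = os.path.abspath(docroot)
    current = os.path.abspath(directory)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == docroot or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)

def audit_backups(docroot):
    """Return (exposed, files): backups present with no deny rule over them."""
    target = os.path.join(docroot, BACKUP_DIR)
    if not os.path.isdir(target):
        return False, []
    files = sorted(f for f in os.listdir(target)
                   if f != ".htaccess" and os.path.isfile(os.path.join(target, f)))
    exposed = bool(files) and not has_deny_rule(docroot, target)
    return exposed, files

def demo():
    """Constructed web root: one backup, audited before and after a deny rule."""
    with tempfile.TemporaryDirectory() as docroot:
        target = os.path.join(docroot, BACKUP_DIR)
        os.makedirs(target)
        # Constructed file name; the advisory does not give the exact format.
        open(os.path.join(target, "backup_sample.sql"), "w").close()
        before = audit_backups(docroot)
        with open(os.path.join(target, ".htaccess"), "w") as fh:
            fh.write("Require all denied\n")
        return before, audit_backups(docroot)

if __name__ == "__main__":
    print(demo())
```

A deny rule only limits web access; keeping backups outside the web root removes the exposure regardless of server configuration.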