|Title:||PHP-Fusion Database Backup Disclosure|
The remote host is using PHP-Fusion, a content management system,
written in PHP which uses MySQL.
A vulnerability exists in the remote version of this product which may allow
an attacker to obtain a dump of the remote database. PHP-Fusion has the
ability to create database backups and store them on the web server,
in the directory fusion_admin/db_backups/.
Since there is no access control on that directory, an attacker may
guess the name of a backuped database and download it.
Solution : Upgrade to the latest version of this software
Risk factor : Medium
BugTraq ID: 10974|
Common Vulnerability Exposure (CVE) ID: CVE-2004-1724
Bugtraq: 20040818 Multiple vulnerabilities in PHP-FUSION (Google Search)
XForce ISS Database: phpfusion-database-file-access(17037)
|Copyright||This script is Copyright (C) 2004 Tenable Network Security|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.