Vulnerabilities > CVE-2004-1723 - Information Disclosure vulnerability in PHP Fusion PHP Fusion 4.00
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |