Vulnerabilities > CVE-2004-1724 - Information Disclosure vulnerability in PHP Fusion PHP Fusion 4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | PHP-Fusion Database Backup Information Disclosure Vulnerability. CVE-2004-1724. Webapps exploit for php platform |
id | EDB-ID:24384 |
last seen | 2016-02-02 |
modified | 2004-07-18 |
published | 2004-07-18 |
reporter | Ahmad Muammar |
source | https://www.exploit-db.com/download/24384/ |
title | PHP-Fusion Database Backup Information Disclosure Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PHP_FUSION_DB_BACKUP_DISCLOSURE.NASL |
description | A vulnerability exists in the remote version of PHP-Fusion that may allow an attacker to obtain a dump of the remote database. PHP-Fusion has the ability to create database backups and store them on the web server, in the directory |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14356 |
published | 2004-08-23 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14356 |
title | PHP-Fusion Database Backup Disclosure |
code |
|