Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

PHP-Fusion <= 6.00.105 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in PHP-Fusion <= 6.00.105

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that suffers from two

Description :

According to its banner, the remote host is running a version of
PHP-Fusion that suffers from two vulnerabilities :

- An Information Disclosure Vulnerability
PHP Fusion stores database backups in a known location
within the web server's documents directory. A possible hacker
may be able to retrieve these backups and obtain
password hashes or other sensitive information from the

- Multiple Cross-Site Scripting Vulnerabilities
A possible hacker can inject malicious HTML and script code
into the 'news_body', 'article_description', and the
'article_body' parameters when submitting news or an

See also :

Solution :

Upgrade to PHP-Fusion 6.00.106 or later.

Threat Level:

Medium / CVSS Base Score : 4

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.