Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: infos

PHP-Fusion Database Backup Disclosure Vulnerability Scan

Vulnerability Scan Summary
Checks the version of the remote PHP-Fusion

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is prone to
information disclosure.

Description :

A vulnerability exists in the remote version of PHP-Fusion that may
allow an attacker to obtain a dump of the remote database. PHP-Fusion
can create database backups and store them on the web server, in the
directory '/fusion_admin/db_backups/'. Since there is no access control
on that directory, an attacker may guess the name of a database backup
file and download it.

See also :

Solution :

Use a .htaccess file or the equivalent to control access to files in
the backup directory.
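
The following added example (not part of the original advisory or of PHP-Fusion) is a local audit an administrator can run over a document root to find 'fusion_admin/db_backups' directories that lack a deny-all .htaccess rule. The function names and the sample tree are assumptions made for illustration; only the directory name comes from the description above.

```python
import re
import tempfile
from pathlib import Path

# Deny-all directives: "Require all denied" (Apache 2.4) and
# "Deny from all" (Apache 2.2). Commented-out lines do not match.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$",
                     re.IGNORECASE | re.MULTILINE)


def audit_backup_dirs(docroot):
    """Return one finding per fusion_admin/db_backups directory under docroot."""
    findings = []
    for path in sorted(Path(docroot).rglob("db_backups")):
        if not path.is_dir() or path.parent.name != "fusion_admin":
            continue
        htaccess = path / ".htaccess"
        # Heuristic: a deny-all line anywhere in .htaccess counts as protected.
        # It does not prove the server actually honours the file.
        protected = htaccess.is_file() and bool(
            DENY_RE.search(htaccess.read_text(errors="replace")))
        files = sorted(p.name for p in path.iterdir()
                       if p.is_file() and p.name != ".htaccess")
        findings.append({"dir": path.relative_to(docroot).as_posix(),
                         "protected": protected,
                         "files": files})
    return findings


def build_sample_tree(root):
    """Constructed sample data: one unprotected site and one protected site."""
    for site, rule in (("site_a", None), ("site_b", "Require all denied\n")):
        d = Path(root) / site / "fusion_admin" / "db_backups"
        d.mkdir(parents=True)
        (d / "backup_sample.sql").write_text("-- constructed placeholder\n")
        if rule:
            (d / ".htaccess").write_text(rule)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for f in audit_backup_dirs(tmp):
            state = "protected" if f["protected"] else "EXPOSED"
            print(f"{state:9} {f['dir']} ({len(f['files'])} backup file(s))")
```

A .htaccess file only takes effect where the server's AllowOverride setting permits it, so a directory reported as protected should still be confirmed by requesting a backup file and checking for a 403 response.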

Threat Level:

Medium / CVSS Base Score : 4

P.O. Box 827051

Pembroke Pines, FL 33082-7051