Family: CGI abuses --> Category: infos
PHP-Fusion Database Backup Disclosure Vulnerability Scan
Vulnerability Scan Summary
Checks the version of the remote PHP-Fusion
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to
A vulnerability exists in the remote version of PHP-Fusion that may
allow an attacker to obtain a dump of the remote database. PHP-Fusion
has the ability to create database backups and store them on the web
server, in the directory '/fusion_admin/db_backups/'. Since there is
no access control on that directory, an attacker may guess the name of
a backed-up database file and download it.
See also :
Use a .htaccess file or the equivalent to control access to files in
the backup directory.
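One way to apply this on Apache, as an added example that is not part of the original advisory. It assumes the server honours .htaccess files in this directory (AllowOverride permits AuthConfig on Apache 2.4, or Limit on Apache 2.2); the file location follows the directory named above.

```apache
# File: fusion_admin/db_backups/.htaccess
# Deny all HTTP access to stored database backups. Backups are then
# retrieved out of band (for example over SSH/SFTP), not through the web server.

# Apache 2.4 and later (mod_authz_core)
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 and earlier (mod_authz_host legacy syntax)
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

Confirm the rule is active by requesting the directory from an unauthenticated client; the server should answer 403. If it does not, .htaccess is being ignored and the same directives belong in a `<Directory>` block in the server configuration.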
Medium / CVSS Base Score : 4