Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Fusion数据库备份泄露漏洞
Vulnerability Description
PHP-Fusion是一款基于PHP的内容管理系统。 PHP-Fusion存在多个安全问题,远程攻击者可以利用这些漏洞下载备份数据库,判断安装路径等。 y3dips报告远程用户可以访问'fusion_admin/db_backups'目录中的备份文件,文件名为: - backup_year-month-day_time.sql - backup_year-month-day_time.sql.gz 远程用户可以测试文件名下载,文件包含用户名和MD5密码HASH信息。利用这些信息可能以管理员权限访问应用程序
CVSS Information
N/A
Vulnerability Type
N/A