
PHP-Fusion < 6.00.307 Local File Inclusion

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

According to its version number, the remote host is running a version of PHP-Fusion that suffers from a flaw where remote attackers can specify arbitrary 'include' files which will be retrieved and displayed by the web server. An attacker exploiting this flaw would simply need to supply '../<filename>' to the PHP-Fusion application. Successful exploitation would result in the attacker gaining access to confidential data.

Solution

Upgrade to version 6.00.307 or higher.