PHP-Fusion Database Backup Information Disclosure

Medium Nessus Network Monitor Plugin ID 2128

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running a version of PHP-Fusion that is prone to an information disclosure issue. In versions prior to 4.01, an attacker who can guess the name of the backup file may download an entire backup of the website database.

Solution

No solution is known at this time.

Plugin Details

Severity: Medium

ID: 2128

Family: CGI

Published: 2004/08/18

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:php_fusion:php_fusion

Reference Information

CVE: CVE-2004-1724

BID: 10974