PHP-Fusion < 6.00.307 Local File Inclusion
Medium Nessus Network Monitor Plugin ID 3560
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionAccording to its version number, the remote host is running a version of PHP-Fusion that suffers from a flaw where remote attackers can specify arbitrary 'include' files which will be retrieved and displayed by the web server. An attacker exploiting this flaw would simply need to supply '../<filename>' to the PHP-Fusion application. Successful exploitation would result in the attacker gaining access to confidential data.
SolutionUpgrade to version 6.00.307 or higher.