
PHP-Fusion < 6.00.307 Local File Inclusion

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

According to its version number, the remote host is running a version of PHP-Fusion that suffers from a flaw where remote attackers can specify arbitrary 'include' files which will be retrieved and displayed by the web server. An attacker exploiting this flaw would simply need to supply '../<filename>' to the PHP-Fusion application. Successful exploitation would result in the attacker gaining access to confidential data.
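The path handling behind this class of flaw, as an added example that is not PHP-Fusion source code: a naive concatenation lets a request value starting with `../` resolve outside the intended directory, while a canonicalise-then-contain check rejects it. The function names, directory layout and file names are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration; not PHP-Fusion code. All names here are hypothetical.

// Naive pattern: the request value is concatenated into the path, so a
// value beginning with "../" resolves outside $baseDir.
function naive_include_path(string $baseDir, string $requested): string
{
    return $baseDir . '/' . $requested;
}

// Hardened pattern: canonicalise first, then require the result to stay
// under the base directory. Returns null when the request must be rejected.
function safe_include_path(string $baseDir, string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {
        return null; // embedded NUL bytes are never valid in a file name
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null; // missing base, missing target, or not a regular file
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample layout in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/news.php', '<?php // page');
file_put_contents($root . '/config.php', '<?php // constructed secret');

foreach (['news.php', '../config.php', 'missing.php'] as $req) {
    $naive = realpath(naive_include_path($root . '/pages', $req));
    $safe  = safe_include_path($root . '/pages', $req);
    printf("%-14s naive=%-11s safe=%s\n", $req,
        $naive === false ? 'none' : basename($naive),
        $safe === null ? 'REJECTED' : basename($safe));
}

// Clean up the constructed files.
array_map('unlink', [$root . '/pages/news.php', $root . '/config.php']);
rmdir($root . '/pages');
rmdir($root);
```

Comparing against the canonical base path with a trailing separator also rejects sibling directories that merely share the base directory's name as a prefix.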

Solution

Upgrade to version 6.00.307 or higher.