PHP-Fusion Database Backup Information Disclosure

Medium severity: Nessus Network Monitor Plugin ID 2128

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running a version of PHP-Fusion that is prone to an information disclosure issue. In versions prior to 4.01, an attacker who can guess the name of the backup file may download an entire backup of the website database.

Solution

No solution is known at this time.

Plugin Details

Severity: Medium

ID: 2128

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 14356

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:php_fusion:php_fusion

Reference Information

CVE: CVE-2004-1724

BID: 10974