CVE-2010-4931

PHP-Fusion - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

Exploits (1)

exploitdb WORKING POC

by MoDaMeR · phpwebappsphp

https://www.exploit-db.com/exploits/14647

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://attrition.org/pipermail/vim/2010-August/002391.html

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/14647

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/42456

Scores

EPSS 0.0479

EPSS Percentile 89.5%

Details

CWE

CWE-22

Status published

Products (1)

php-fusion/php-fusion

Published Oct 09, 2011

Tracked Since Feb 18, 2026