CVE-2013-1807

php-fusion < 7.02.06 - Information Disclosure via Predictable Backup Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1807.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in PHP-Fusion 7.02.05, including Local File Inclusion (LFI) via insufficient sanitization of user-supplied data in 'maincore.php' and 'administration/user_fields.php', and SQL Injection (SQLi) in 'Authenticate.class.php' and 'downloads.php'. The analysis includes code snippets, attack vectors, and preconditions for exploitation.

Description

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/24562

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in PHP-Fusion 7.02.05, including Local File Inclusion (LFI) via insufficient sanitization of user-supplied data in 'maincore.php' and 'administration/user_fields.php', and SQL Injection (SQLi) in 'Authenticate.class.php' and 'downloads.php'. The analysis includes code snippets, attack vectors, and preconditions for exploitation.

Classification

Writeup 100%

Attack Type

Lfi | Sqli

Complexity

Moderate

Reliability

Reliable

Target: PHP-Fusion 7.02.05

Auth required

Prerequisites: Logged in as valid user/admin · PHP < 5.3.4 for null-byte attacks · magic_quotes_gpc=off for SQLi

MITRE ATT&CK