PHP-Fusion allows access to database file

phpfusion-database-file-access (17037) The risk level is classified as MediumMedium Risk

Description:

PHP-Fusion could allow a remote attacker to obtain sensitive information. A remote attacker, with knowledge of the database file name, can send a specially-crafted URL request for this file to download the database.

Platforms Affected:

  • PHP-Fusion, PHP-Fusion 4.0

Remedy:

No remedy available as of February 16, 2009.

Consequences:

Obtain Information

References:

  • BugTraq Mailing List, Tue Aug 17 2004 - 20:36:53 CDT, Multiple vulnerabilities in PHP-FUSION at http://archives.neohapsis.com/archives/bugtraq/2004-08/0243.html.
  • PHP-Fusion Web page, Project: PHP-Fusion: Summary at http://sourceforge.net/projects/php-fusion/.
  • BID-10974: PHP-Fusion Database Backup Information Disclosure Vulnerability
  • CVE-2004-1724: The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
  • CVE-2005-2075: PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
  • SA12336: PHP-Fusion Public Accessible Database Backups
  • SA15830: PHP-Fusion Two Vulnerabilities
  • VUPEN/ADV-2005-0888: PHP-Fusion Cross Site Scripting and Security Bypass Vulnerabilities

Reported:

Aug 18, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page