#VU41734 Path traversal in PHP-Fusion - CVE-2013-1806

Cybersecurity Help s.r.o.

Published: 2014-05-01 | Updated: 2020-08-11

Vulnerability identifier: #VU41734

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2013-1806

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP-Fusion
Web applications / CMS

Vendor: PHP-Fusion

Description

The vulnerability allows a remote #AU# to read and manipulate data.

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP-Fusion: 7.02.01 - 7.02.04

External links
https://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html
https://seclists.org/fulldisclosure/2013/Feb/154
https://www.openwall.com/lists/oss-security/2013/03/03/1
https://www.openwall.com/lists/oss-security/2013/03/03/2
https://www.osvdb.org/90692
https://www.osvdb.org/90694
https://www.osvdb.org/90696
https://www.php-fusion.co.uk/news.php?readmore=569
https://www.waraxe.us/advisory-97.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in PHP-Fusion