CVE-2013-1806
Published: 2014-04-30
Priority: P3 (45, medium)
CVSS 2.0: 6.5 medium, vector AV:N/AC:L/Au:S/C:P/I:P/A:P (network, low complexity, single authentication, partial confidentiality/integrity/availability impact)
Exploit: public PoC available (see references)
EPSS: 7.84% (93.9th percentile)
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.
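The two bug shapes in the description, a user-controlled theme name reaching an include and a user-controlled file name reaching a delete, share one fix: never let the raw parameter form the path, and confirm the resolved path stays under the intended directory. The following is an added example written for this page, not PHP-Fusion's code and not a patch for it; the `themes/<name>/theme.php` and `backups/` layout, the temporary fixture tree and the function names are assumptions. It rejects the dot-dot form from the CVE, absolute paths, embedded NUL bytes and a symlink planted inside the directory.

```python
"""
Illustrative guard for the two bug classes in CVE-2013-1806: a theme name reaching
an include, and a file name reaching a delete. Not PHP-Fusion code; the directory
layout and the fixture built below are assumptions for the example.
"""
import os
import tempfile
from typing import Optional


def resolve_inside(base: str, user_value: str) -> Optional[str]:
    """Resolve base/user_value and return it only if it stays strictly under base.

    realpath() collapses ../ and follows symlinks, so both the dot-dot payload
    and a symlink pointing outside are caught. The os.sep check stops a sibling
    such as /srv/backups2 from passing as a child of /srv/backups.
    """
    try:
        base_real = os.path.realpath(base)
        candidate = os.path.realpath(os.path.join(base_real, user_value))
    except ValueError:  # embedded NUL byte in the user value
        return None
    if candidate == base_real or not candidate.startswith(base_real + os.sep):
        return None
    return candidate


def theme_file(themes_dir: str, user_theme: str) -> Optional[str]:
    """Map the user_theme parameter to themes/<name>/theme.php, allowlist first.

    A valid theme is a bare directory name that actually exists under themes_dir;
    a value containing a separator, a NUL, or only dots never reaches the include.
    """
    if not user_theme or user_theme in (".", "..") or any(c in user_theme for c in "/\\\0"):
        return None
    try:
        if user_theme not in os.listdir(themes_dir):
            return None
    except OSError:
        return None
    path = resolve_inside(themes_dir, os.path.join(user_theme, "theme.php"))
    if path is None or not os.path.isfile(path):
        return None
    return path


def delete_backup(backups_dir: str, filename: str) -> bool:
    """Delete backups/<filename> only if it is a plain regular file inside backups_dir."""
    if not filename or os.path.basename(filename) != filename:  # rejects ../x, /etc/x, sub/x
        return False
    path = resolve_inside(backups_dir, filename)
    if path is None or os.path.islink(os.path.join(backups_dir, filename)) or not os.path.isfile(path):
        return False
    os.remove(path)
    return True


def build_demo_tree() -> str:
    """Constructed fixture: a site root with themes/, backups/ and a config.php outside both."""
    root = tempfile.mkdtemp(prefix="fusion-demo-")
    os.makedirs(os.path.join(root, "themes", "Default"))
    os.makedirs(os.path.join(root, "backups"))
    for rel in ("themes/Default/theme.php", "backups/site.sql", "config.php"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("<?php // %s\n" % rel)
    try:  # a symlink an attacker might plant to aim a delete at config.php
        os.symlink(os.path.join(root, "config.php"), os.path.join(root, "backups", "link.sql"))
    except OSError:
        pass
    return root


def run_demo(root: str) -> dict:
    """Exercise the guards with the payload shapes from the CVE; returns what each call yields."""
    themes = os.path.join(root, "themes")
    backups = os.path.join(root, "backups")
    return {
        "theme_ok": theme_file(themes, "Default") is not None,
        "theme_dotdot": theme_file(themes, "../../config.php"),   # user_theme traversal
        "theme_absolute": theme_file(themes, "/etc/passwd"),
        "theme_nul": theme_file(themes, "Default\0.txt"),
        "resolve_dotdot": resolve_inside(backups, "../config.php"),
        "resolve_absolute": resolve_inside(backups, "/etc/passwd"),
        "delete_dotdot": delete_backup(backups, "../config.php"),  # file / enable traversal
        "delete_symlink": delete_backup(backups, "link.sql"),
        "delete_ok": delete_backup(backups, "site.sql"),
        "config_survived": os.path.isfile(os.path.join(root, "config.php")),
        "backup_gone": not os.path.exists(os.path.join(backups, "site.sql")),
    }


if __name__ == "__main__":
    for key, value in run_demo(build_demo_tree()).items():
        print(f"{key:16} {value!r}")
```

The allowlist in `theme_file` is the real fix for the include case; `resolve_inside` is defence in depth and is what protects the delete case, where a filename is legitimately user-chosen. Both checks are applied to the resolved path, not to the raw string, so encoding tricks that survive the syntactic check still fail containment.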
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | php-fusion | <= 7.02.05 | 7.02.06 |

Five ranges are indexed for this product; only the one above carries version data.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Red Hat | — | 4.0 | MEDIUM | belongs to CVE-2013-4475 (Samba), indexed below; not a score for this CVE |
GHSA
GHSA-96vh-6p2h-62ph: Multiple directory traversal vulnerabilities in PHP-Fusion before 7
ghsa_unreviewed · 2022-05-17 · CVE-2013-1806 · MEDIUM · CWE-22
Red Hat
This entry concerns CVE-2013-4475 (Samba), not CVE-2013-1806. It is indexed here only because the Red Hat erratum that fixed it carries the number RHSA-2013-1806; it says nothing about PHP-Fusion.
CVE-2013-4475 [MEDIUM] samba: no access check verification on stream files
vendor_redhat · 2013-10-25 · CVSS 4.0
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Statement: This issue did not affect the samba package in Red Hat Enterprise Linux 5. This issue was addressed for the samba3x package in Red Hat Enterprise Linux 5 and the samba package in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2013-1806.html, and the samba package in Red Hat Storage via https://rhn.redhat.com/errata/RHSA-2014-0009.html
Package: samba (Red Hat Enterprise Linux 5) - Not affected
Package: samba (Red Hat
No detection rules found.
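No rule is indexed, but the description gives enough to write one: three parameter names, two of them tied to a specific admin script, and a dot-dot value. The following is an added example for this page, not a rule from the index or from PHP-Fusion: it scans combined-format access-log lines, undoes URL encoding (including double encoding) before looking for `../` or `..\`, and scopes `enable` and `file` to their administration scripts. It matches `user_theme` on any path on the assumption that maincore.php is reached through other entry points rather than requested directly; tighten the rule if that does not hold for your deployment. The log lines are constructed for the example.

```python
"""
Added detection example for CVE-2013-1806 (not from the page or from PHP-Fusion):
flags access-log requests that send one of the three named parameters with a
dot-dot traversal value, after decoding percent-encoding (including double encoding).
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# (parameter, required path suffix or None). user_theme is matched on any path on the
# assumption that maincore.php is included by other scripts rather than requested directly.
RULES = [
    ("user_theme", None),
    ("enable", "administration/user_fields.php"),
    ("file", "administration/db_backup.php"),
]

# Combined log format: client, identd, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# ../ or ..\ anywhere in the value, plus a bare leading or trailing ..
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def deep_unquote(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable; ..%252f..%252f needs two passes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(target: str):
    """Return (param, decoded value) for the first rule the request target trips, else None."""
    parts = urlsplit(target)
    path = deep_unquote(parts.path)
    params = parse_qs(parts.query, keep_blank_values=True)  # one decoding round happens here
    for param, suffix in RULES:
        if suffix is not None and not path.endswith(suffix):
            continue
        for raw in params.get(param, []):
            value = deep_unquote(raw)
            if TRAVERSAL.search(value):
                return param, value
    return None


def scan_log(lines):
    """Return one record per flagged line: client, time, parameter, decoded value, status."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, target, status = m.groups()
        hit = check_request(target)
        if hit:
            hits.append({"client": client, "time": ts, "param": hit[0],
                         "value": hit[1], "status": int(status)})
    return hits


# Constructed sample traffic, not real log data. Line 7 carries file=../ on a
# non-admin script and is deliberately not flagged by the path-scoped rule.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Mar/2013:10:00:01 +0000] "GET /news.php?user_theme=Default HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Mar/2013:10:00:02 +0000] "GET /news.php?user_theme=../../../../etc/passwd%00 HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Mar/2013:10:00:03 +0000] "GET /index.php?user_theme=..%252f..%252fconfig.php HTTP/1.1" 200 1830 "-" "curl/7.29"
198.51.100.7 - - [03/Mar/2013:10:05:00 +0000] "GET /administration/db_backup.php?file=../../config.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Mar/2013:10:05:01 +0000] "GET /administration/user_fields.php?enable=..%5c..%5cconfig.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Mar/2013:10:06:00 +0000] "GET /administration/db_backup.php?file=site.sql HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.1 - - [03/Mar/2013:10:07:00 +0000] "GET /submit.php?file=../../config.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f'{hit["client"]:14} {hit["time"]}  {hit["param"]}={hit["value"]!r}  -> {hit["status"]}')
```

Access logs only show query strings, so this catches GET traffic; the same parameters sent in a POST body need the rule applied at a WAF or in the application's own request logging. The `%00` in the second sample line survives decoding as a NUL and is kept in the reported value, which is useful context when triaging an older PHP runtime.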
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html
- http://seclists.org/fulldisclosure/2013/Feb/154
- http://www.openwall.com/lists/oss-security/2013/03/03/1
- http://www.openwall.com/lists/oss-security/2013/03/03/2
- http://www.osvdb.org/90692
- http://www.osvdb.org/90694
- http://www.osvdb.org/90696
- http://www.php-fusion.co.uk/news.php?readmore=569
- http://www.waraxe.us/advisory-97.html