CVE-2013-1806
published 2014-04-30

Priority: P345 medium | CVSS 2.0: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 7.84% (93.9th percentile)

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | php-fusion | <= 7.02.05 | |
| php-fusion | php-fusion | | |
| php-fusion | php-fusion | | |
| php-fusion | php-fusion | | |
| php-fusion | php-fusion | | |

CVSS provenance

nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat | 4.0 | MEDIUM