CyberSec.Space Logo
Back to CVE Browser

CVE-2010-4931

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile39.45th
PublishedOct 9, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

Affected Platforms (CPE)

πŸ“¦
Php Fusion

Php Fusion

All versions

References & Advisories

πŸ”— http://attrition.org/pipermail/vim/2010-August/002391.html
πŸ”— http://www.exploit-db.com/exploits/14647
πŸ”— http://www.securityfocus.com/bid/42456
πŸ”— http://attrition.org/pipermail/vim/2010-August/002391.html
πŸ”— http://www.exploit-db.com/exploits/14647
πŸ”— http://www.securityfocus.com/bid/42456

Related Vulnerabilities

CVE-2020-289049.8

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installatio...

CVE-2020-237549.6

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to ...

CVE-2020-124618.8

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a c...

CVE-2019-120998.8

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/incl...