返回 CVE 瀏覽器

CVE-2010-4931

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1970%

EPSS Percentile39.45th

Published2011年10月9日

Last Modified2026年4月29日

Vulnerability Description

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

Affected Platforms (CPE)

📦

Php Fusion

Php Fusion

All versions

References & Advisories

🔗 http://attrition.org/pipermail/vim/2010-August/002391.html

🔗 http://www.exploit-db.com/exploits/14647

🔗 http://www.securityfocus.com/bid/42456

🔗 http://attrition.org/pipermail/vim/2010-August/002391.html

🔗 http://www.exploit-db.com/exploits/14647

🔗 http://www.securityfocus.com/bid/42456

相關漏洞威脅

CVE-2020-289049.8

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installatio...

CVE-2020-237549.6

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to ...

CVE-2020-124618.8

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a c...

CVE-2019-120998.8

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/incl...