Vulnerability Details : CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
Exploit prediction scoring system (EPSS) score for CVE-2004-1724
Probability of exploitation activity in the next 30 days: 5.57%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-1724
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-1724
Products affected by CVE-2004-1724
- cpe:2.3:a:php_fusion:php_fusion:4.0:*:*:*:*:*:*:*