CVE-2004-1724

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 4.0

Description The issue concerns the instructions provided in the ReadMe First.txt file for PHP-Fusion, which advises setting the permissions on the fusion admin/db backups directory to world read/write/execute. This setting allows remote attackers to access database backups, as the filenames are easily guessable and the backups contain sensitive information, including the administrator username and password.

Recommendations For PHP-Fusion version 4.0, change the permissions on the fusion admin/db backups directory to more restrictive settings to prevent unauthorized access, and consider renaming or relocating database backups to make them less accessible.