VYPR
Unrated severityNVD Advisory· Published Apr 30, 2014· Updated Jun 16, 2026

CVE-2013-1806

CVE-2013-1806

Description

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:php-fusion:php-fusion:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:php-fusion:php-fusion:*:*:*:*:*:*:*:*range: <=7.02.05
    • cpe:2.3:a:php-fusion:php-fusion:7.02.01:*:*:*:*:*:*:*
    • cpe:2.3:a:php-fusion:php-fusion:7.02.02:*:*:*:*:*:*:*
    • cpe:2.3:a:php-fusion:php-fusion:7.02.03:*:*:*:*:*:*:*
    • cpe:2.3:a:php-fusion:php-fusion:7.02.04:*:*:*:*:*:*:*
    • (no CPE)range: <7.02.06

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.