3 matches found
CVE-2013-1806
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. dot dot in the 1 usertheme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the 2 enable...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1806. Reason: This issue was MERGED into CVE-2013-1806 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-1806...
CVE-2013-1806
PHP-Fusion before 7.02.06 has multiple directory traversal vulnerabilities: remote authenticated users can include/execute arbitrary files via .. in user_theme (maincore.php); remote authenticated admins can delete arbitrary files via enable (administration/user_fields.php) or file (administratio...