CVE Vulnerabilities

CVE-2004-1703

Published: Jul 30, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrators browser loads the page with the img tag.

Affected Software

Name Vendor Start Version End Version
Fusion_news Fusionphp 3.3 3.3
Fusion_news Fusionphp 3.6.1 3.6.1

References