Vulnerability Details CVE-2004-1703
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=109122824523226&w=2
- http://securitytracker.com/id?1010829
- http://www.securityfocus.com/bid/10836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16853
- http://marc.info/?l=bugtraq&m=109122824523226&w=2
- http://securitytracker.com/id?1010829
- http://www.securityfocus.com/bid/10836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16853
Products affected by CVE-2004-1703
-
cpe:2.3:a:fusionphp:fusion_news:3.6.1