Fusionphp: >> Fusion News >> 3.6.1 Security Vulnerabilities
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVSS Score
7.5
EPSS Score
0.074
Published
2006-08-21
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
CVSS Score
8.8
EPSS Score
0.006
Published
2004-07-30