Vulnerability Description
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fusionphp | Fusion News | 3.6.1 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=109122824523226&w=2Mailing List
- http://securitytracker.com/id?1010829Broken LinkExploitThird Party Advisory
- http://www.securityfocus.com/bid/10836Broken LinkExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16853Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=109122824523226&w=2Mailing List
- http://securitytracker.com/id?1010829Broken LinkExploitThird Party Advisory
- http://www.securityfocus.com/bid/10836Broken LinkExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16853Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-1703?
CVE-2004-1703 is a vulnerability with a CVSS score of 8.8 (HIGH). Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is e...
How severe is CVE-2004-1703?
CVE-2004-1703 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1703?
Check the references section above for vendor advisories and patch information. Affected products include: Fusionphp Fusion News.