Description
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Joseph Moniz · text · webapps · php
https://www.exploit-db.com/exploits/24341
References (4)
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109122824523226&w=2
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10836
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010829
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16853
Scores
CVSS v3: 8.8
EPSS: 0.0073
EPSS Percentile: 72.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-352
Status: published
Products (1): fusionphp/fusion_news 3.6.1
Published: Jul 30, 2004
Tracked Since: Feb 18, 2026