Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2004-1703

Published: 30/07/2004 Updated: 08/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Fusion News 3.6.1 allows remote malicious users to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

Vulnerable Product Search on Vulmon Subscribe to Product

fusionphp fusion news 3.6.1

Exploits

Exploit DB: Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution
source: wwwsecurityfocuscom/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability This issue is due to a failure of the application to properly validate access to administrative commands This issue permits a remote attacker to create a malicious URI link or embed a malicious URI ...

References

CWE-352http://www.securityfocus.com/bid/10836http://securitytracker.com/id?1010829http://marc.info/?l=bugtraq&m=109122824523226&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/16853https://nvd.nist.govhttps://www.exploit-db.com/exploits/24341/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223CVE-2024-0044information disclosureCVE-2024-35753HTML injectionCVE-2024-21306CVE-2024-35733SQL injectionCVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook