Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1703


Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1703
Last Modified 05 Sep 2008 04:42:07
Published 30 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

Vulnerable Systems


  • Fusionphp Fusion News 3.3

  • Fusionphp Fusion News 3.6.1


XF - fusion-news-add-account(16853)

BID - 10836

SECTRACK - 1010829

BUGTRAQ - 20040729 Fusion News Yet Another Unauthorized Account Addition Vulnerability

Last Updated: 27 May 2016 10:39:09