Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1703

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1703
Last Modified 05 Sep 2008 04:42:07
Published 30 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1703

Summary

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

Vulnerable Systems

Application

  • Fusionphp Fusion News 3.3

  • Fusionphp Fusion News 3.6.1


References

XF - fusion-news-add-account(16853)

BID - 10836

SECTRACK - 1010829

BUGTRAQ - 20040729 Fusion News Yet Another Unauthorized Account Addition Vulnerability


Last Updated: 27 May 2016 10:39:09