CVE-2004-1703

Published: Jul 30, 2004Modified: Apr 16, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

Affected (1)

Products: Fusionphp: Fusion News

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fusionphp Fusion News	Version 3.6.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://marc.info/?l=bugtraq&m=109122824523226&w=2

Source: cve@mitre.org

Mailing List

http://securitytracker.com/id?1010829

Source: cve@mitre.org

Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory

http://www.securityfocus.com/bid/10836

Source: cve@mitre.org

Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/16853

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://marc.info/?l=bugtraq&m=109122824523226&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://securitytracker.com/id?1010829

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory

http://www.securityfocus.com/bid/10836

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/16853

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.