Fusion News

fusion_news

Vendor: Fusionphp • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-4240 1Fusionphp 1Fusion News Apr 16, 2026 Aug 21, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2006-3387 1Fusionphp 1Fusion News Apr 16, 2026 Jul 6, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, whic...Show more Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.Show less
CVE-2004-1703 1Fusionphp 1Fusion News Apr 16, 2026 Jul 30, 2004 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the adm...Show more Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.Show less