Back to search
CVE-2004-1703
Published: Feb 26, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20040729 Fusion News Yet Another Unauthorized Account Addition Vulnerability
mailing-list
x_refsource_BUGTRAQ
10836
vdb-entry
x_refsource_BID
1010829
vdb-entry
x_refsource_SECTRACK
fusion-news-add-account(16853)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now