CVE-2004-1703
CVSS 8.8 · HIGH
Summary
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Fusionphp fusion news
References
- http://marc.info/?l=bugtraq&m=109122824523226&w=2
- http://securitytracker.com/id?1010829
- http://www.securityfocus.com/bid/10836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16853
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.