Lucene search

[email protected]CVE-2004-1703

HistoryJul 30, 2004 - 4:00 a.m.

CVE-2004-1703

2004-07-3004:00:00

CWE-352

[email protected]

web.nvd.nist.gov

fusion news

cve-2004-1703

remote attackers

user accounts

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator’s browser loads the page with the img tag.

CPENameOperatorVersion
fusionphp:fusion_newsfusionphp fusion newseq3.6.1

CPE	Name	Operator	Version
fusionphp:fusion_news	fusionphp fusion news	eq	3.6.1

References

marc.info/?l=bugtraq&m=109122824523226&w=2

securitytracker.com/id?1010829

www.securityfocus.com/bid/10836

exchange.xforce.ibmcloud.com/vulnerabilities/16853

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON