
php-fusion.txt

23 Feb 2005 | Reported by tgo | Type: packetstorm | Source: packetstormsecurity.com

Error in php-fusion 4.x allows viewing all forum threads due to improper variable checks.

Code
`  
  
TheGreatOne2176, Reapercore  
  
I have found an error in php-fusion 4.x where you can view any thread on the forum.  
  
In fusion_forum/viewthread.php the $_GET variables aren't properly checked or queried, making it possible to view all threads. The example I tested was  
  
fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2  
  
forum_id and forum_cat are not valid IDs, making the script skip them entirely. So the error comes in since each thread is assigned a certain integer (thread_id for this script) and since the category checks were being skipped, I could just browse the forum by picking a thread_id. I went number by number and could view all of the threads in the protected forums.  
`
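
The missing check described in the advisory, as an added example that is not PHP-Fusion code or part of the original post: a simplified model in which access is decided from the request's forum_id, next to a version that authorises against the forum the thread itself belongs to. The data arrays, the function names and the `min_level` field are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for forum and thread tables (hypothetical schema).
const FORUMS = [
    1 => ['name' => 'General', 'min_level' => 0], // public
    2 => ['name' => 'Staff',   'min_level' => 2], // protected
];
const THREADS = [
    1 => ['forum_id' => 1, 'subject' => 'Welcome'],
    2 => ['forum_id' => 2, 'subject' => 'Staff only'],
];

// Model of the flaw: the access check is keyed on the forum_id sent in the
// request, so an id that matches no forum means no check is performed at all.
function view_thread_unsafe(array $get, int $userLevel): ?string
{
    $forum = FORUMS[(int)($get['forum_id'] ?? 0)] ?? null;
    if ($forum !== null && $userLevel < $forum['min_level']) {
        return null; // denied only when the forum lookup succeeded
    }
    $thread = THREADS[(int)($get['thread_id'] ?? 0)] ?? null;
    return $thread['subject'] ?? null;
}

// Hardened: validate thread_id, load the thread, then authorise against the
// forum recorded on the thread. Request-supplied forum ids are never trusted.
function view_thread_safe(array $get, int $userLevel): ?string
{
    $id = filter_var($get['thread_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $thread = ($id === false) ? null : (THREADS[$id] ?? null);
    if ($thread === null) {
        return null; // unknown or malformed thread id
    }
    $forum = FORUMS[$thread['forum_id']] ?? null;
    if ($forum === null || $userLevel < $forum['min_level']) {
        return null; // fail closed: missing forum or insufficient level
    }
    return $thread['subject'];
}

// Parameter values from the advisory's test URL, sent here by a guest (level 0).
$request = ['forum_id' => '10000', 'forum_cat' => '100000', 'thread_id' => '2'];
var_dump(view_thread_unsafe($request, 0)); // unsafe model, guest
var_dump(view_thread_safe($request, 0));   // hardened, guest
var_dump(view_thread_safe($request, 2));   // hardened, user with level 2
```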

Vulners AI Score: 7.4 (High risk)