Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified...
7.7AI Score
0.002EPSS
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath...
8.3AI Score
0.12EPSS
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log...
8.1AI Score
0.014EPSS
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img...
8.8CVSS
7.4AI Score
0.005EPSS