3 matches found
CVE-2006-3387
CVE-2006-3387 describes a directory traversal vulnerability in Fusion News 1.0. When register_globals is enabled, an attacker can manipulate the fil_config parameter in sources/post.php using a .. sequence to include arbitrary files. This can allow an attacker to execute PHP code that has been in...
CVE-2004-1703
Fusion News 3.6.1 is affected. While the administrator is logged in, a remote attacker can add user accounts by embedding an img bbcode tag in a comment that calls index.php with the signup action; the request executes when the administrator’s browser loads the page containing the img tag. This is due to t...
CVE-2006-4240
CVE-2006-4240 describes a PHP remote file inclusion in Fusion News 3.7 (index.php) that allows an attacker to execute arbitrary PHP code via a URL in the fpath parameter. This is the core vulnerability and the affected component is Fusion News 3.7, specifically the index.php file handling fpat...