The PHP-Fusion BBCode system contains an XSRF vulnerability that is exploited through IMG tags. The function that checks a remote image link will output an image as long as it meets the requirements (in this case, being an image). The flow is: check that the image exists => check that the file extension is valid for images => if !$err, display the image; otherwise, do not display it.
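A stricter version of the check described above, as an added example that is not PHP-Fusion's code or its patch. The function name `bbcode_img_url_allowed`, its parameters, and the hosts `forum.example` and `img.example.net` are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Fusion code. The function name and parameters are hypothetical.
// Decides whether a user-supplied [img] URL may be emitted as <img src="...">.
function bbcode_img_url_allowed(string $url, string $siteHost): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false; // relative or malformed URLs are rejected
    }
    // Only plain web schemes.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // A static image path needs no credentials, query string or fragment,
    // so anything carrying request parameters is refused.
    foreach (['user', 'pass', 'query', 'fragment'] as $key) {
        if (isset($parts[$key])) {
            return false;
        }
    }
    // Never embed a URL that points back at this site: the viewer's browser
    // would request it with the viewer's own session cookie.
    if (strcasecmp($parts['host'], $siteHost) === 0) {
        return false;
    }
    // Extension allowlist, applied to the path only (the original check's idea, kept).
    $ext = strtolower(pathinfo($parts['path'], PATHINFO_EXTENSION));
    return in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true);
}

// Constructed sample inputs; forum.example stands in for the site's own host.
$samples = [
    'https://img.example.net/cat.png',               // allow
    'https://forum.example/images/logo.png',         // reject: same host
    'https://img.example.net/view.php?file=cat.png', // reject: query string
    'ftp://img.example.net/cat.png',                 // reject: scheme
    'cat.png',                                       // reject: relative URL
];
foreach ($samples as $sample) {
    $verdict = bbcode_img_url_allowed($sample, 'forum.example') ? 'allow' : 'reject';
    printf("%-48s %s\n", $sample, $verdict);
}
```

URL filtering is defence in depth only, since a remote host can still redirect the request. State-changing actions should also require a per-session anti-CSRF token and should not be reachable by GET.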
This is a private exploit. You can buy it at https://0day.today