Описание
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
Ссылки
- Mailing List
- Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing List
- Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:fusionphp:fusion_news:3.6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00572
Низкий
8.8 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
EPSS
Процентиль: 68%
0.00572
Низкий
8.8 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-352