CVE-2004-1703

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

CVSS v3 8.8 HIGH
CVSS v2.0 7.5 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=109122824523226&w=2	Mailing List
http://securitytracker.com/id?1010829	Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/10836	Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16853	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:fusionphp:fusion_news:3.6.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-07-30 04:00

Updated : 2024-02-08 20:46

NVD link : CVE-2004-1703

Mitre link : CVE-2004-1703

CVE.ORG link : CVE-2004-1703

JSON object : View

Products Affected

fusionphp

fusion_news

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2004-1703", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2004-07-30T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109122824523226&w=2", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1010829", "tags": ["Broken Link", "Exploit", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10836", "tags": ["Broken Link", "Exploit", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16853", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag."}], "lastModified": "2024-02-08T20:46:04.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fusionphp:fusion_news:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DABAE06D-BAE7-4551-AC39-7869817A2D44"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}