source: https://www.securityfocus.com/bid/10836/info
It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands.
This issue permits a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activates this URI, the attacker-supplied command would be carried out with the administrator's privileges. This occurs in the security context of the affected web site and would cause various administrator actions to be taken.
Version 3.6.1 and prior are reported to be affected by this vulnerability.
http://www.example.com/news/index.php?id=signup&username=example&email=user@example.com&password=password&icon=&le=3&timeoffset=1
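
A defender-side check for the bbCode vector described above, as an added example that is not part of the original advisory or of Fusion News: it audits the URL inside each [img] tag of a post and flags any that carry a query string, do not point at an image file, or address an id= action on the forum's own host. The function names, the extension list and the sample posts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches bbCode image tags and captures the URL between them.
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
# Assumed allow-list of image file extensions.
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif")


def audit_img_url(url, site_host):
    """Return the reasons a URL should not be rendered as an image."""
    reasons = []
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        reasons.append("scheme")
    if parts.query:
        # An image fetch has no need for request parameters.
        reasons.append("query-string")
    if not parts.path.lower().endswith(IMAGE_EXTENSIONS):
        reasons.append("not-image-path")
    if parts.hostname == site_host and "id" in parse_qs(parts.query):
        # Points back at the forum's own index.php?id=<action> handler.
        reasons.append("same-site-action")
    return reasons


def audit_post(body, site_host):
    """Return (url, reasons) for every suspicious [img] tag in a post."""
    findings = []
    for match in IMG_TAG.finditer(body):
        url = match.group(1).strip()
        reasons = audit_img_url(url, site_host)
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample posts; the second embeds the URI quoted in the advisory.
SAMPLE_POSTS = [
    "Nice update! [img]http://www.example.com/news/img/logo.png[/img]",
    "Look at this [img]http://www.example.com/news/index.php?id=signup"
    "&username=example&email=user@example.com&password=password"
    "&icon=&le=3&timeoffset=1[/img]",
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        for url, reasons in audit_post(post, "www.example.com"):
            print(", ".join(reasons), "->", url)
```

This check only narrows the bbCode vector; it does not address the cause the advisory names, the application's failure to validate access to administrative commands.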