CVE-2004-1703

8.8 HIGH
Published: July 30, 2004 Modified: April 16, 2026
View on NVD

Description

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://marc.info/?l=bugtraq&m=109122824523226&w=2
Source: cve@mitre.org
Mailing List
http://securitytracker.com/id?1010829
Source: cve@mitre.org
Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/10836
Source: cve@mitre.org
Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16853
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=109122824523226&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://securitytracker.com/id?1010829
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/10836
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16853
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
EPSS (Exploit Probability)
0.6%
69th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-352

Affected Vendors

fusionphp

Related CVEs

CVE-2026-40962 4.9
CVE-2026-40505 3.3
CVE-2026-40504 9.8
CVE-2026-3299 6.4
CVE-2026-40960 8.1