Reapercore

**Name of the Vulnerable Software and Affected Versions** php-fusion versions 4.x **Description** The issue concerns the `viewthread.php` file in php-fusion, which fails to check the `forum id` or `forum cat` parameters. This allows remote attackers to view protected forums by manipulating the `thread id` parameter. **Recommendations** For php-fusion version 4.x, as a temporary workaround, consider restricting access to the `viewthread.php` file until a patch is available. Additionally, avoid using the `forum id` and `forum cat` parameters in the affected API endpoint until the issue is resolved.