PT-2004-2607 · Fusion · Fusion News

Published 2004-07-30 · Updated 2024-02-08 · CVE-2004-1703

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Fusion News version 3.6.1

Description

The issue allows remote attackers to add user accounts if the administrator is logged in. This can be achieved by including an img bbcode tag in a comment that calls index.php with the signup action. The action is executed when the administrator's browser loads the page containing the img tag.

Recommendations

For Fusion News version 3.6.1, consider disabling the execution of the signup action in index.php to prevent unauthorized user account additions until a patch is available. Restrict access to the administrator's account and ensure that comments are thoroughly validated to prevent malicious bbcode tags.
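One way to apply the comment-validation recommendation, as an added example that is not Fusion News code: audit and neutralize [img] bbcode tags whose URL is not a plain image file. The function names, the allowed extensions, the host names and the placeholder query string are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif")  # assumed allow-list

def img_url_problem(url):
    """Return why a URL must not be rendered as an image, or None if acceptable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return "scheme is not http/https"
    if not parts.netloc:
        return "no host"
    if parts.query:
        return "query string present"
    if not parts.path.lower().endswith(IMAGE_EXTENSIONS):
        return "path is not an image file"
    return None

def audit_comment(text):
    """List (url, reason) for every [img] tag in a comment that fails the check."""
    findings = []
    for match in IMG_TAG.finditer(text):
        reason = img_url_problem(match.group(1))
        if reason:
            findings.append((match.group(1).strip(), reason))
    return findings

def sanitize_comment(text):
    """Replace rejected [img] tags so the reader's browser never requests them."""
    def replace(match):
        return match.group(0) if img_url_problem(match.group(1)) is None else "[image removed]"
    return IMG_TAG.sub(replace, text)

# Constructed sample comments; host names and the query string are placeholders.
SAMPLE_COMMENTS = [
    "Nice post [img]http://img.example/cat.png[/img]",
    "Look [img]http://news.example/index.php?placeholder_param=placeholder_value[/img]",
    "Hi [IMG]http://news.example/index.php[/IMG] there",
]

# Caveat: an image URL that passes can still redirect elsewhere, so this only
# narrows exposure; the signup action itself needs a per-session anti-CSRF token.
if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(audit_comment(comment), "->", sanitize_comment(comment))
```

Running audit_comment over stored comments shows which existing posts carry a rejected tag, while sanitize_comment is the form to apply before a comment is rendered.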

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2004-1703

Affected Products

Fusion News