PT-2004-2891 · Fusetalk · Fusetalk
Stuart Jamieson
·
Published
2004-12-31
·
Updated
2024-02-08
·
CVE-2004-1995
CVSS v2.0
7.5
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Fusetalk
Stuart Jamieson
·
Published
2004-12-31
·
Updated
2024-02-08
·
CVE-2004-1995
7.5
High
| Base vector | Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
FuseTalk version 2.0
Description:
A Cross-Site Request Forgery (CSRF) issue allows remote attackers to create arbitrary accounts via a link to "adduser.cfm".
Recommendations:
For FuseTalk version 2.0, consider disabling the account creation functionality until a patch is available. Restrict access to the "adduser.cfm" endpoint to minimize the risk of exploitation.
Exploit
Fix
CSRF