Vulnerabilities > CVE-2005-0345 - Unspecified vulnerability in PHP Fusion PHP Fusion 4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PHP-Fusion 4.0 Viewthread.PHP Information Disclosure Vulnerbility. CVE-2005-0345. Webapps exploit for php platform |
| id | EDB-ID:25089 |
| last seen | 2016-02-03 |
| modified | 2005-02-08 |
| published | 2005-02-08 |
| reporter | TheGreatOne2176 |
| source | https://www.exploit-db.com/download/25089/ |
| title | PHP-Fusion 4.0 Viewthread.PHP Information Disclosure Vulnerbility |
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_FUSION_INFO_LEAK.NASL |
| description | A vulnerability exists in the version of PHP-Fusion installed on the remote host that may allow an attacker to read the contents of arbitrary forums and threads, regardless of the attacker |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 16336 |
| published | 2005-02-09 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/16336 |
| title | PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access |