Vulnerabilities > CVE-2005-0345 - Unspecified vulnerability in PHP Fusion PHP Fusion 4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | PHP-Fusion 4.0 Viewthread.PHP Information Disclosure Vulnerbility. CVE-2005-0345. Webapps exploit for php platform |
id | EDB-ID:25089 |
last seen | 2016-02-03 |
modified | 2005-02-08 |
published | 2005-02-08 |
reporter | TheGreatOne2176 |
source | https://www.exploit-db.com/download/25089/ |
title | PHP-Fusion 4.0 Viewthread.PHP Information Disclosure Vulnerbility |
Nessus
NASL family | CGI abuses |
NASL id | PHP_FUSION_INFO_LEAK.NASL |
description | A vulnerability exists in the version of PHP-Fusion installed on the remote host that may allow an attacker to read the contents of arbitrary forums and threads, regardless of the attacker |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16336 |
published | 2005-02-09 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16336 |
title | PHP-Fusion < 5.00 viewthread.php Arbitrary Message Thread / Forum Access |