icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP-Fusion viewthread.php Arbitrary Thread Access

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running a version of PHP-Fusion that is vulnerable to an information leak via the viewthread.php script. Specifically, viewthread.php does not properly sanitize $_GET variables. An attacker exploiting this flaw would be able to view all threads (to include protected threads).

Solution

No solution is known at this time.