Vulnerability in Fusionphp Fusion_news
CVE-2006-4240
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
EPSS: 0.032 (86.5th percentile) — read the EPSS interpretation.
Affected products
- Fusionphp Fusion_news — versions 1.0, 3.3, 3.6.1
- N/a — versions n/a
References
- cve@mitre.org (Exploit, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Vendor Advisory, mailing-list, Exploit, x_refsource_BUGTRAQ)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)