It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of user-supplied data.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed by a forum administrator, the attacker-supplied command would be carried out with the viewer's privileges. This would occur in the security context of the affected web site and may allow creation of arbitrary users, and other attacks.
FuseTalk contains a flaw that allows a remote attacker to create an arbitrary account. The issue is triggered when parameters are passed to the adduser.cfm administration template via an HTTP GET request. This could allow a remote attacker to create a specially crafted URL that would create a new account once the request is viewed by an Administrator, leading to a loss of confidentiality and integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
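With no fix listed, one practical check is to review web server logs for GET requests to adduser.cfm that carry parameters. The following is an added example, not part of the original advisory or of FuseTalk; it assumes Combined Log Format and that the legitimate admin form submits by POST, and the hostname, directory and parameter names are placeholders.

```python
import re
from urllib.parse import urlsplit

FORUM_HOST = "forum.example.com"  # assumption: the forum's own hostname

# Combined Log Format, parsed up to the Referer field.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def classify(line, forum_host=FORUM_HOST):
    """Return a triage label for a GET to adduser.cfm that carries parameters, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    target = urlsplit(m["target"])
    # Compare in lower case: the server may treat paths case-insensitively.
    if not target.path.lower().endswith("/adduser.cfm") or not target.query:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # Referer absent: origin of the request is unknown
    ref_host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if ref_host == forum_host else "cross-site:" + ref_host

def scan(lines):
    """Return (index, label) for every flagged line."""
    return [(i, label) for i, line in enumerate(lines) if (label := classify(line))]

# Constructed sample lines; the directory and FIELD_A/FIELD_B are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - admin [12/Mar/2004:10:01:02 +0000] "GET /forum/adduser.cfm HTTP/1.1" 200 5120 "http://forum.example.com/forum/index.cfm" "Mozilla/4.0"',
    '203.0.113.7 - admin [12/Mar/2004:10:02:10 +0000] "POST /forum/adduser.cfm HTTP/1.1" 302 0 "http://forum.example.com/forum/adduser.cfm" "Mozilla/4.0"',
    '203.0.113.7 - admin [12/Mar/2004:10:05:44 +0000] "GET /forum/adduser.cfm?FIELD_A=x&FIELD_B=y HTTP/1.1" 200 812 "http://other.example.net/page.html" "Mozilla/4.0"',
    '203.0.113.7 - admin [12/Mar/2004:10:06:01 +0000] "GET /forum/adduser.cfm?FIELD_A=x HTTP/1.1" 200 812 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for index, label in scan(SAMPLE_LOG):
        print(index, label)
```

Each flagged entry should be compared against the forum's user table for accounts created at the same time.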