php-fusion 4.x has a bypass vulnerability where a remote attacker can view any thread.
c7ed125f9030d5ddd42cd6eefbd5b3f3c4ed2a1d8327228f82d6f55f50e50a2c
TheGreatOne2176, Reapercore
I have a found an error in php-fusion 4.x where you can view any thread on the forum.
In fusion_forum/viewthread.php the $_GET variables arent properly checked or queried making it possible to view all threads. The example I tested was
fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2
forum_id and forum_cat are not valid id's making the script skip them entirely. So the error comes in since each thread is assigned a certain integer (thread_id for this script) and since the category checks were being skipped, I could just browse the forum by picking a thread_id. I went number by number and could view all of the threads in the protected forums.