https://www.exploit-db.com/exploits/25089
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-264

php-fusion4.x的viewthread.php并不会检查(1)forum_id或(2)forum_cat参数，从而远程攻击者可以通过thread_id参数查看受保护的论坛。

source: http://www.securityfocus.com/bid/12482/info

PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input.

It is reported that an attacker could leverage this vulnerability to view any thread of protected forums on an affected version of the application. All PHP-Fusion 4 versions are reportedly affected by this vulnerability; earlier versions may also be vulnerable. 

http://www.example.com/fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2

来源:XF
名称:phpfusion-viewthread-obtain-information(19257)
链接:http://xforce.iss.net/xforce/xfdb/19257
来源:BUGTRAQ
名称:20050208php-fusion4.xvuln
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110788267311132&w;=2
来源:BID
名称:12482
链接:http://www.securityfocus.com/bid/12482