Full title: PHP-Fusion v7.02.06 XSRF/CSRF vulnerability
Category: web applications
Platform: php

The PHP-Fusion BBCode system contains an XSRF vulnerability which is exploited through the IMG tags. The function that checks a remote image link will output an image as long as the link meets the requirements (in this case, that it looks like an image). The check runs as: check the image exists => check the file extension is valid for images => if !$err => display the image, else => do not display the image. Nothing about the origin of the URL or the actual content returned by the remote server is verified, so any URL that passes those two tests is embedded in the page and fetched by every viewer's browser.

# 0day.today @ http://0day.today/
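The following is an added example, not PHP-Fusion code (the advisory does not name the PHP-Fusion function, and the original is PHP; this mirrors its logic in Python). It models the check described above next to a hypothetical stricter version: the first accepts any existing link whose path ends in an image extension, the second additionally requires an absolute http(s) URL without embedded credentials and verifies that the server actually answers with an image MIME type. The HTTP responses and hostnames are constructed so the example runs offline.

```python
import html
import os
from urllib.parse import urlparse

IMAGE_EXTENSIONS = {".png", ".gif", ".jpg", ".jpeg"}
IMAGE_MIME_TYPES = {"image/png", "image/gif", "image/jpeg"}

# Constructed responses standing in for real HTTP HEAD requests, so the
# example runs offline. Hostnames are made up for the example.
FAKE_RESPONSES = {
    "https://img.example/cat.png": {
        "status": 200, "content_type": "image/png"},
    # An application endpoint whose path merely ends in an image extension;
    # the server answers with HTML, not an image.
    "https://app.example/account/action.png": {
        "status": 200, "content_type": "text/html; charset=utf-8"},
}


def fake_exists(url):
    """Stand-in for the 'does the remote file exist' probe."""
    return url in FAKE_RESPONSES


def fake_head(url):
    """Stand-in for an HTTP HEAD request; returns None if unreachable."""
    return FAKE_RESPONSES.get(url)


def extension_only_check(url, exists=fake_exists):
    """Mirrors the logic described in the advisory: accept the link when the
    target exists and its path carries an image extension. Neither the origin
    of the URL nor the content type of the response is examined."""
    err = False
    if not exists(url):
        err = True
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    if ext not in IMAGE_EXTENSIONS:
        err = True
    return not err


def hardened_check(url, head=fake_head):
    """Hypothetical stricter check (assumption, not the project's fix):
    absolute http(s) URL, no user:pass@ in the authority, and the server
    must really respond 200 with an image MIME type."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    resp = head(url)
    if resp is None or resp["status"] != 200:
        return False
    mime = resp["content_type"].split(";")[0].strip().lower()
    return mime in IMAGE_MIME_TYPES


def render_img_bbcode(url, check=hardened_check):
    """Render [img]url[/img]: emit an <img> tag only when the check passes,
    otherwise fall back to the escaped URL as plain text."""
    if check(url):
        return '<img src="{}" alt="">'.format(html.escape(url, quote=True))
    return html.escape(url)


if __name__ == "__main__":
    for u in FAKE_RESPONSES:
        print(u, extension_only_check(u), hardened_check(u))
```

Even the stricter check is evaluated once, when the post is saved, while every viewer's browser requests the URL each time the page is shown, so the robust design is to serve remote images through a local cache or image proxy so viewers never contact the third-party host directly; independently, the application on the receiving end should never change state on a GET request and should require an anti-CSRF token on state-changing actions.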