php-fusion 4.x vuln

[<thegreatone2176 () yahoo com>]

TheGreatOne2176, Reapercore

I have a found an error in php-fusion 4.x where you can view any thread on the forum.

In fusion_forum/viewthread.php the $_GET variables arent properly checked or queried making it possible to view all 
threads. The example I tested was

fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2

forum_id and forum_cat are not valid id's making the script skip them entirely.  So the error comes in since each 
thread is assigned a certain integer (thread_id for this script) and since the category checks were being skipped, I 
could just browse the forum by picking a thread_id. I went number by number and could view all of the threads in the 
protected forums.