CVE-2005-0267

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2005-05-02 12:00:00.000-04
Last Modified2017-07-10 09:32:10.000-04

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 2.5.1

References

SourceLink
BUGTRAQ20050102 Multiple Vulnerabilities in FlatNuke
BID12150
XFflatnuke-indexphp-gain-access(18741)