CVE-2005-0268

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2005-01-03 12:00:00.000-05
Last Modified2017-07-10 09:32:10.000-04

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 2.5.1

References

SourceLink
BUGTRAQ20050102 Multiple Vulnerabilities in FlatNuke
BID12150
XFflatnuke-indexphp-xss(18746)