CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2005-06-09 12:00:00.000-04
Last Modified2011-03-07 09:23:03.000-05

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 2.5.3

References

SourceLink
CONFIRMhttp://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256
SECTRACK1014114
MISChttp://secwatch.org/advisories/secwatch/20050604_flatnuke.txt
VUPENADV-2005-0697