CVE-2005-2813

Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.

Referenced by CVEs: CVE-2005-4448
Score5.0
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE
Published2005-09-07 02:03:00.000-04
Last Modified2018-10-19 11:33:43.000-04

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 2.5.6

References

SourceLink
BUGTRAQ20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure
SECTRACK1014824
SECTRACK1015339
BUGTRAQ20051210 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit
BID14702
BID15796