CVE-2005-2815

print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.

Score6.4
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactPARTIAL
Published2005-09-07 02:03:00.000-04
Last Modified2017-07-10 09:33:00.000-04

Vulnerable Software List

VendorProductVersions
Flatnuke Flatnuke 2.5.6

References

SourceLink
BUGTRAQ20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure
SECTRACK1014824
XFflatnuke-msdos-news-path-disclosure(22153)