Direct code injection vulnerability in FlatNuke 2.5.3 allows remote malicious users to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flatnuke flatnuke 2.5.3 |