print.php in FlatNuke 2.5.6 allows remote malicious users to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flatnuke flatnuke 2.5.6 |