Published: 21/12/2005 Updated: 20/07/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flatnuke flatnuke 2.5.6

<?php # ---flatnuke_256_xplphp 432 10/12/2005 # # Flatnuke 256 privilege escalation / remote commands execution exploit # (works with magic_quotes_gpc off, try this with 255: # wwwmilw0rmcom/idphp?id=1140 (wwwexploit-dbcom/exploits/1140/)) # # coded by rgod at rgodaltervista ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/419107 http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup http://securitytracker.com/id?1015339 http://securityreason.com/securityalert/248 https://exchange.xforce.ibmcloud.com/vulnerabilities/22159 https://nvd.nist.gov https://www.exploit-db.com/exploits/1367/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-4449

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect