The Gallery module in Simone Vellei Flatnuke 2.5.7 and previous versions, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flatnuke flatnuke 1.8 |
||
flatnuke flatnuke 2.0 |
||
flatnuke flatnuke 1.6 |
||
flatnuke flatnuke 1.7 |
||
flatnuke flatnuke |
||
flatnuke flatnuke 1.0 |
||
flatnuke flatnuke 1.5 |
||
flatnuke flatnuke 2.5.5 |
||
flatnuke flatnuke 2.5.6 |
||
flatnuke flatnuke 2.5.1 |
||
flatnuke flatnuke 2.5.3 |