Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
References
Link | Resource |
---|---|
http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256 | Patch Product |
http://secunia.com/advisories/15603 | Broken Link Patch Vendor Advisory |
http://securitytracker.com/id?1014114 | Broken Link Exploit Patch Third Party Advisory VDB Entry |
http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt | Broken Link Exploit Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2005/0697 | Broken Link |
Configurations
History
13 Feb 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
References | (SECUNIA) http://secunia.com/advisories/15603 - Broken Link, Patch, Vendor Advisory | |
References | (CONFIRM) http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256 - Patch, Product | |
References | (SECTRACK) http://securitytracker.com/id?1014114 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2005/0697 - Broken Link | |
References | (MISC) http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt - Broken Link, Exploit, Patch, Vendor Advisory |
Information
Published : 2005-06-09 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-1894
Mitre link : CVE-2005-1894
CVE.ORG link : CVE-2005-1894
JSON object : View
Products Affected
flatnuke
- flatnuke
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')