CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
References
Link Resource
http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256 Patch Product
http://secunia.com/advisories/15603 Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1014114 Broken Link Exploit Patch Third Party Advisory VDB Entry
http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt Broken Link Exploit Patch Vendor Advisory
http://www.vupen.com/english/advisories/2005/0697 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:flatnuke:flatnuke:2.5.3:*:*:*:*:*:*:*

History

13 Feb 2024, 16:19

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-94
References (SECUNIA) http://secunia.com/advisories/15603 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/15603 - Broken Link, Patch, Vendor Advisory
References (CONFIRM) http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256 - Patch (CONFIRM) http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256 - Patch, Product
References (SECTRACK) http://securitytracker.com/id?1014114 - Exploit, Patch (SECTRACK) http://securitytracker.com/id?1014114 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2005/0697 - (VUPEN) http://www.vupen.com/english/advisories/2005/0697 - Broken Link
References (MISC) http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt - Exploit, Patch, Vendor Advisory (MISC) http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt - Broken Link, Exploit, Patch, Vendor Advisory

Information

Published : 2005-06-09 04:00

Updated : 2024-02-28 10:42


NVD link : CVE-2005-1894

Mitre link : CVE-2005-1894

CVE.ORG link : CVE-2005-1894


JSON object : View

Products Affected

flatnuke

  • flatnuke
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')