CVE-2005-1894

EPSS 3.5%

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/25801unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256 http://secunia.com/advisories/15603 http://securitytracker.com/id?1014114 http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt http://www.vupen.com/english/advisories/2005/0697