Vulnerability CVE-2005-4449


Published: 2005-12-21   Modified: 2012-02-12

Description:
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

See advisories in our WLB2 database:
Topic | Author | Date
Med. Flatnuke 2.5.6 privilege escalation / remote commands execution exploit | rgod | 11.12.2005

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software: Flatnuke -> Flatnuke

 References:
http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
http://securityreason.com/securityalert/248
http://securitytracker.com/id?1015339
http://www.securityfocus.com/archive/1/419107
https://exchange.xforce.ibmcloud.com/vulnerabilities/22159

Copyright 2024, cxsecurity.com
