Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1894

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1894
Last Modified 07 Mar 2011 09:23:03
Published 09 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1894

Summary

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Vulnerable Systems

Application

  • Flatnuke 2.5.3


References

MISC - http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt

SECTRACK - 1014114

SECUNIA - 15603

CONFIRM - http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256

VUPEN - ADV-2005-0697


Last Updated: 27 May 2016 10:40:20