Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4449

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2005-4449
Last Modified 05 Sep 2008 04:56:55
Published 21 Dec 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-4449

Summary

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Vulnerable Systems

Application

  • Flatnuke 2.5.6


References

XF - flatnuke-multiple-obtain-information(22159)

BUGTRAQ - 20051210 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit

SECTRACK - 1015339

MISC - http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup

SREASON - 248


Last Updated: 27 May 2016 10:41:18