Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.6
CVE Id: CVE-2006-3608
Last Modified: 05 Sep 2008 05:07:35
Published: 18 Jul 2006 11:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2006-3608

Summary

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

Vulnerable Systems

Application

  • Flatnuke 1.0
  • Flatnuke 1.5
  • Flatnuke 1.6
  • Flatnuke 1.7
  • Flatnuke 1.8
  • Flatnuke 2.0
  • Flatnuke 2.5.1
  • Flatnuke 2.5.3
  • Flatnuke 2.5.5
  • Flatnuke 2.5.6
  • Flatnuke 2.5.7


References

BID - 18966

BUGTRAQ - 20060713 flatnuke <= 2.5.7 arbitrary php file upload

MISC - http://retrogod.altervista.org/flatnuke257_adv.html

XF - flatnuke-gallery-code-execution(27731)

BUGTRAQ - 20060807 Re: flatnuke <= 2.5.7 arbitrary php file upload

SECTRACK - 1016499

SECUNIA - 21051


Last Updated: 27 May 2016 10:43:04