Flatnuke: >> Flatnuke >> 2.5.1 Security Vulnerabilities
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
CVSS Score
4.6
EPSS Score
0.036
Published
2006-07-18
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
CVSS Score
6.4
EPSS Score
0.01
Published
2005-06-09
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
CVSS Score
7.5
EPSS Score
0.009
Published
2005-05-02
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.
CVSS Score
7.5
EPSS Score
0.007
Published
2005-01-03