Flatnuke: >> Flatnuke >> 2.3 Security Vulnerabilities
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
CVSS Score
4.6
EPSS Score
0.036
Published
2006-07-18
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
CVSS Score
6.4
EPSS Score
0.01
Published
2005-06-09