Vulnerabilities > CVE-2005-4208 - Directory Traversal vulnerability in Flatnuke 2.5.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Flatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit. CVE-2005-4208,CVE-2005-4449. Webapps exploit for php platform id EDB-ID:1367 last seen 2016-01-31 modified 2005-12-10 published 2005-12-10 reporter rgod source https://www.exploit-db.com/download/1367/ title Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit description Flatnuke <= 2.5.5 Remote Code Execution. CVE-2005-2540,CVE-2005-4208. Webapps exploit for php platform id EDB-ID:1140 last seen 2016-01-31 modified 2005-08-08 published 2005-08-08 reporter rgod source https://www.exploit-db.com/download/1140/ title Flatnuke <= 2.5.5 - Remote Code Execution
Nessus
NASL family | CGI abuses |
NASL id | FLATNUKE_ID_DIR_TRAVERSAL.NASL |
description | The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers fails to remove directory traversal sequences user input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20293 |
published | 2005-12-12 |
reporter | This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/20293 |
title | FlatNuke index.php id Parameter Traversal Arbitrary File Access |
code |
|