Vulnerabilities > CVE-2005-4448 - Directory Traversal vulnerability in Flatnuke 2.5.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |