Vulnerabilities > CVE-2005-4449 - Remote Security vulnerability in Flatnuke 2.5.6

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
flatnuke
exploit available
NVD
Published: 2005-12-21
Updated: 2017-07-20

Summary

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Vulnerable Configurations

Part Description Count
Application
Flatnuke
1

Exploit-Db

descriptionFlatnuke 2.5.6 Privilege Escalation / Remote Commands Execution Exploit. CVE-2005-4208,CVE-2005-4449. Webapps exploit for php platform
idEDB-ID:1367
last seen2016-01-31
modified2005-12-10
published2005-12-10
reporterrgod
sourcehttps://www.exploit-db.com/download/1367/
titleFlatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit

References