Vulnerabilities > CVE-2006-3608 - Remote File Include vulnerability in FlatNuke
Attack vector
NETWORK Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file. Successful exploitation requires that Gallery uploads are enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Exploit-Db
| description | FlatNuke 2.5.7 Index.php Remote File Include Vulnerability. CVE-2006-3608. Webapps exploit for php platform |
| id | EDB-ID:28216 |
| last seen | 2016-02-03 |
| modified | 2006-07-13 |
| published | 2006-07-13 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/28216/ |
| title | FlatNuke 2.5.7 Index.php Remote File Include Vulnerability |
References
- http://retrogod.altervista.org/flatnuke257_adv.html
- http://secunia.com/advisories/21051
- http://securitytracker.com/id?1016499
- http://www.securityfocus.com/archive/1/439975/100/0/threaded
- http://www.securityfocus.com/archive/1/442421/100/0/threaded
- http://www.securityfocus.com/bid/18966
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27731