Vulnerabilities > Flatnuke > Flatnuke > 2.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-18 | CVE-2006-3608 | Remote File Include vulnerability in FlatNuke The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file. | 4.6 |
| 2005-05-02 | CVE-2005-0267 | Unspecified vulnerability in Flatnuke 2.5.1 index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | 7.5 |
| 2005-01-03 | CVE-2005-0268 | Unspecified vulnerability in Flatnuke 2.5.1 Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | 7.5 |