Vulnerabilities > Flatnuke > Flatnuke > 2.5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-18 | CVE-2006-3608 | Remote File Include vulnerability in FlatNuke The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file. | 4.6 |
2005-06-09 | CVE-2005-1896 | Directory Traversal vulnerability in Flatnuke 2.5.3 Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | 5.0 |
2005-06-09 | CVE-2005-1895 | Cross-Site Scripting vulnerability in Flatnuke 2.5.3 Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. network flatnuke | 4.3 |
2005-06-09 | CVE-2005-1893 | Information Disclosure vulnerability in Flatnuke 2.5.3 FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | 5.0 |