CyberSec.Space Logo
Back to CVE Browser

CVE-2005-0267

HIGH
7.5
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile4.08th
PublishedMay 2, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.

Affected Platforms (CPE)

πŸ“¦
Flatnuke

Flatnuke

= 2.5.1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110477752916772&w=2
πŸ”— http://www.securityfocus.com/bid/12150
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18741
πŸ”— http://marc.info/?l=bugtraq&m=110477752916772&w=2
πŸ”— http://www.securityfocus.com/bid/12150
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18741

Related Vulnerabilities

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.