CyberSec.Space Logo
Back to CVE Browser

CVE-2005-0268

HIGH
7.5
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile37.72th
PublishedJan 3, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.

Affected Platforms (CPE)

πŸ“¦
Flatnuke

Flatnuke

= 2.5.1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110477752916772&w=2
πŸ”— http://www.securityfocus.com/bid/12150
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18746
πŸ”— http://marc.info/?l=bugtraq&m=110477752916772&w=2
πŸ”— http://www.securityfocus.com/bid/12150
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18746

Related Vulnerabilities

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02677.5

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_ava...

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.