CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1894

HIGH
7.5
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile17.41th
PublishedJun 9, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Affected Platforms (CPE)

πŸ“¦
Flatnuke

Flatnuke

= 2.5.3

References & Advisories

πŸ”— http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256
πŸ”— http://secunia.com/advisories/15603
πŸ”— http://securitytracker.com/id?1014114
πŸ”— http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt
πŸ”— http://www.vupen.com/english/advisories/2005/0697
πŸ”— http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256
πŸ”— http://secunia.com/advisories/15603
πŸ”— http://securitytracker.com/id?1014114

Related Vulnerabilities

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-02677.5

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_ava...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.