CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4448

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile37.48th
PublishedDec 21, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.

Affected Platforms (CPE)

πŸ“¦
Flatnuke

Flatnuke

= 2.5.6

References & Advisories

πŸ”— http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
πŸ”— http://securitytracker.com/id?1015339
πŸ”— http://www.securityfocus.com/archive/1/419107
πŸ”— http://www.securityfocus.com/bid/15796
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/22159
πŸ”— http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
πŸ”— http://securitytracker.com/id?1015339
πŸ”— http://www.securityfocus.com/archive/1/419107

Related Vulnerabilities

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-02677.5

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_ava...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.