CVEブラウザに戻る

CVE-2005-0268

HIGH

7.5

CVSS Severity Score

EPSS Score0.1360%

EPSS Percentile37.72th

Published2005年1月3日

Last Modified2026年4月16日

Vulnerability Description

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.

Affected Platforms (CPE)

📦

Flatnuke

Flatnuke

= 2.5.1

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110477752916772&w=2

🔗 http://www.securityfocus.com/bid/12150

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18746

🔗 http://marc.info/?l=bugtraq&m=110477752916772&w=2

🔗 http://www.securityfocus.com/bid/12150

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18746

関連する脆弱性情報

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02677.5

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_ava...

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.