CyberSec.Space Logo
返回 CVE 浏览器

CVE-2005-0267

HIGH
7.5
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile4.08th
Published2005年5月2日
Last Modified2026年4月16日

Vulnerability Description

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.

Affected Platforms (CPE)

📦
Flatnuke

Flatnuke

= 2.5.1

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110477752916772&w=2
🔗 http://www.securityfocus.com/bid/12150
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18741
🔗 http://marc.info/?l=bugtraq&m=110477752916772&w=2
🔗 http://www.securityfocus.com/bid/12150
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18741

相关漏洞威胁

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.