CyberSec.Space Logo
返回 CVE 浏览器

CVE-2005-4448

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile37.48th
Published2005年12月21日
Last Modified2026年4月16日

Vulnerability Description

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.

Affected Platforms (CPE)

📦
Flatnuke

Flatnuke

= 2.5.6

References & Advisories

🔗 http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
🔗 http://securitytracker.com/id?1015339
🔗 http://www.securityfocus.com/archive/1/419107
🔗 http://www.securityfocus.com/bid/15796
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/22159
🔗 http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
🔗 http://securitytracker.com/id?1015339
🔗 http://www.securityfocus.com/archive/1/419107

相关漏洞威胁

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-02677.5

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_ava...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.