返回 CVE 瀏覽器

CVE-2005-0267

HIGH

7.5

CVSS Severity Score

EPSS Score0.0790%

EPSS Percentile4.08th

Published2005年5月2日

Last Modified2026年4月16日

Vulnerability Description

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.

Affected Platforms (CPE)

📦

Flatnuke

Flatnuke

= 2.5.1

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110477752916772&w=2

🔗 http://www.securityfocus.com/bid/12150

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18741

🔗 http://marc.info/?l=bugtraq&m=110477752916772&w=2

🔗 http://www.securityfocus.com/bid/12150

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18741

相關漏洞威脅

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-18947.5

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.