CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-1894

HIGH
7.5
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile17.41th
Published2005年6月9日
Last Modified2026年4月16日

Vulnerability Description

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Affected Platforms (CPE)

📦
Flatnuke

Flatnuke

= 2.5.3

References & Advisories

🔗 http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256
🔗 http://secunia.com/advisories/15603
🔗 http://securitytracker.com/id?1014114
🔗 http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt
🔗 http://www.vupen.com/english/advisories/2005/0697
🔗 http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256
🔗 http://secunia.com/advisories/15603
🔗 http://securitytracker.com/id?1014114

相關漏洞威脅

CVE-2005-444810.0

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than ...

CVE-2005-02687.5

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code in...

CVE-2005-02677.5

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_ava...

CVE-2007-57717.5

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.