QwikSec

Security Database

CVE

CWE

Training

CVE-2005-4449

Published: Dec 21, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

flatnuke-multiple-obtain-information(22159)

vdb-entry

x_refsource_XF

http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup

x_refsource_MISC

20051210 Flatnuke 2.5.6 privilege escalation / remote commands execution exploit

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.