CVE-2005-1894

Flatnuke - Code Injection

Title source: rule

Description

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecWatch · phpwebappsphp

https://www.exploit-db.com/exploits/25801

View Code ZIP pw:eip

References (5)

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014114

[Broken Link, Patch, Vendor Advisory] http://secunia.com/advisories/15603

[Broken Link, Exploit, Patch, Vendor Advisory] http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt

[Broken Link] http://www.vupen.com/english/advisories/2005/0697

[Patch, Product] http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256

Scores

EPSS 0.0892

EPSS Percentile 92.6%

Details

CWE

CWE-94

Status published

Products (1)

flatnuke/flatnuke 2.5.3

Published Jun 09, 2005

Tracked Since Feb 18, 2026