CVE-2005-2540

FlatNuke 2.5.5 - Code Injection

Description

A CRLF injection vulnerability in FlatNuke 2.5.5, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands by placing an ASCII character 13 (carriage return) in the signature field. The input is injected into a PHP script without a preceding comment character, and the script can then be executed by a direct request.

Exploits (1)

exploitdb WORKING POC
php webapps php
https://www.exploit-db.com/exploits/1140

Scores

EPSS 0.0632
EPSS Percentile 91.0%

Details

Status published
Products (1)
flatnuke/flatnuke 2.5.5
Published Aug 10, 2005
Tracked Since Feb 18, 2026