CVE-2005-4208

Flatnuke 2.5.6 - Directory Traversal via Read Module ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4208. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets Flatnuke 2.5.5 by injecting malicious PHP code into the user registration process, creating a backdoor file that allows remote command execution. The script sends crafted HTTP requests to register a user with a malicious signature field containing PHP code.

Description

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.

Exploits (2)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1140

View Code ZIP pw:eip

This exploit targets Flatnuke 2.5.5 by injecting malicious PHP code into the user registration process, creating a backdoor file that allows remote command execution. The script sends crafted HTTP requests to register a user with a malicious signature field containing PHP code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Flatnuke 2.5.5 (possibly prior versions)

No auth needed

Prerequisites: Target must have Flatnuke 2.5.5 or earlier installed · PHP must be configured with allow_call_time_pass_reference and register_globals enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

phpwebappsphp

https://www.exploit-db.com/exploits/1367

View Code ZIP pw:eip

This exploit targets a privilege escalation and remote command execution vulnerability in Flatnuke 2.5.6. It leverages a path traversal flaw to disclose admin credentials and then crafts an admin cookie to edit PHP files, enabling arbitrary command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Flatnuke 2.5.6

No auth needed

Prerequisites: magic_quotes_gpc must be off · target must be running Flatnuke 2.5.6

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/419107/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15796

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015339

Scores

EPSS 0.0216

EPSS Percentile 84.7%

Details

Status published

Products (1)

flatnuke/flatnuke 2.5.6

Published Dec 13, 2005

Tracked Since Feb 18, 2026