CVE-2005-4449

FlatNuke 2.5.6 - Code Injection

Title source: llm

Description

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1367

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22159

[Product] http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup

[Exploit] http://www.securityfocus.com/archive/1/419107

[Exploit] http://securitytracker.com/id?1015339

[Third Party Advisory] http://securityreason.com/securityalert/248

Scores

EPSS 0.0329

EPSS Percentile 87.2%

Details

Status published

Products (1)

flatnuke/flatnuke 2.5.6

Published Dec 21, 2005

Tracked Since Feb 18, 2026