CVE-2006-3608

Simone Vellei Flatnuke <2.5.7 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3608. PoCs published by rgod.

AI-analyzed exploit summary The provided text describes a remote file-include vulnerability in FlatNuke 2.5.7, where unsanitized user input in the 'mod' parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Description

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by rgod · textwebappsphp

https://www.exploit-db.com/exploits/28216

View Code ZIP pw:eip

The provided text describes a remote file-include vulnerability in FlatNuke 2.5.7, where unsanitized user input in the 'mod' parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: FlatNuke 2.5.7

No auth needed

Prerequisites: Target running FlatNuke 2.5.7 or prior · Ability to send HTTP requests to the target

MITRE ATT&CK