CVE-2007-5772

Flatnuke 3 - Authenticated PHP Code Injection via Download Module Description

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5772. PoCs published by KiNgOfThEwOrLd.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Flatnuke3 by bypassing cookie validation using a null byte injection. It also highlights a PHP code execution vulnerability in the download module by manipulating directory descriptions.

Description

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.

Exploits (1)

exploitdb WORKING POC VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/4562

This exploit demonstrates a privilege escalation vulnerability in Flatnuke3 by bypassing cookie validation using a null byte injection. It also highlights a PHP code execution vulnerability in the download module by manipulating directory descriptions.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Flatnuke3
Auth required
Prerequisites: Valid user session · Access to the download module
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4562
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482774/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43636

Scores

EPSS 0.0383
EPSS Percentile 88.7%

Details

CWE
CWE-94
Status published
Products (1)
flatnuke3/flatnuke3
Published Nov 01, 2007
Tracked Since Feb 18, 2026