Description
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/4561
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37413
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4561
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/43635
Scores
EPSS
0.0056
EPSS Percentile
68.4%
Details
CWE
CWE-352
Status
published
Products (1)
flatnuke3/flatnuke3
Published
Nov 01, 2007
Tracked Since
Feb 18, 2026