CVE-2007-5773

Flatnuke 3 - Cross-Site Request Forgery via File Manager dir and ffile Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5773. PoCs published by KiNgOfThEwOrLd.

AI-analyzed exploit summary: The document describes a remote command execution and privilege escalation vulnerability in Flatnuke 3's File Manager module. It explains how an attacker can exploit the vulnerability by manipulating file operations to edit user credentials or upload malicious scripts, and includes examples of exploit URLs and forms.

Description

Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by KiNgOfThEwOrLd · text · webapps · php
https://www.exploit-db.com/exploits/4561

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Flatnuke 3
No auth needed
Prerequisites: Knowledge of the script path · Access to the File Manager module
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37413
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4561
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43635

Scores

EPSS 0.0088
EPSS Percentile 54.2%

Details

CWE CWE-352
Status published
Products (1)
flatnuke3/flatnuke3
Published Nov 01, 2007
Tracked Since Feb 18, 2026