CVE-2007-5774

Flatnuke3 - Information Exposure via File Manager Invalid Argumentname Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5774. PoCs published by KiNgOfThEwOrLd.

AI-analyzed exploit summary The document describes a remote command execution and privilege escalation vulnerability in Flatnuke 3's File Manager module. It explains how an attacker can exploit the vulnerability by manipulating file operations to edit user credentials or upload malicious scripts, and includes examples of exploit URLs and forms.

Description

index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/4561

The document describes a remote command execution and privilege escalation vulnerability in Flatnuke 3's File Manager module. It explains how an attacker can exploit the vulnerability by manipulating file operations to edit user credentials or upload malicious scripts, and includes examples of exploit URLs and forms.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Flatnuke 3
No auth needed
Prerequisites: Knowledge of the script path · Access to the File Manager module
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4561
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43120
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37404

Scores

EPSS 0.0260
EPSS Percentile 83.3%

Details

CWE
CWE-200
Status published
Products (1)
flatnuke3/flatnuke3
Published Nov 01, 2007
Tracked Since Feb 18, 2026