CVE-2005-4449

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Published: Dec 21, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4449
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
flatnuke / flatnuke	2.5.6	2.5.6.x

http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup
http://securityreason.com/securityalert/248
http://securitytracker.com/id?1015339
http://www.securityfocus.com/archive/1/419107
https://exchange.xforce.ibmcloud.com/vulnerabilities/22159

Vulnerability Database

290,020

CVE-2005-4449