CVE-2005-0268

Properties

Published:
02.01.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:C/A:P/B:N) Approximated
Product:
FlatNuke: FlatNuke

Vulnerability description

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110477752916772&w=2
BID: http://www.securityfocus.com/bid/12150
XF: http://xforce.iss.net/xforce/xfdb/18746
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110477752916772&w=2