Vulnerability Description
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flatnuke | Flatnuke | 2.5.3 |
Related Weaknesses (CWE)
References
- http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256PatchProduct
- http://secunia.com/advisories/15603Broken LinkPatchVendor Advisory
- http://securitytracker.com/id?1014114Broken LinkExploitPatch
- http://secwatch.org/advisories/secwatch/20050604_flatnuke.txtBroken LinkExploitPatch
- http://www.vupen.com/english/advisories/2005/0697Broken Link
- http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256PatchProduct
- http://secunia.com/advisories/15603Broken LinkPatchVendor Advisory
- http://securitytracker.com/id?1014114Broken LinkExploitPatch
- http://secwatch.org/advisories/secwatch/20050604_flatnuke.txtBroken LinkExploitPatch
- http://www.vupen.com/english/advisories/2005/0697Broken Link
FAQ
What is CVE-2005-1894?
CVE-2005-1894 is a vulnerability with a CVSS score of 7.5 (HIGH). Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be ...
How severe is CVE-2005-1894?
CVE-2005-1894 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1894?
Check the references section above for vendor advisories and patch information. Affected products include: Flatnuke Flatnuke.