Vulnerability Description
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flatnuke | Flatnuke | 2.5.5 |
References
- http://marc.info/?l=bugtraq&m=112327238030127&w=2
- http://secunia.com/advisories/16330
- http://www.osvdb.org/18554
- http://www.rgod.altervista.org/flatnuke.htmlExploit
- http://www.securityfocus.com/bid/14485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21709
- http://marc.info/?l=bugtraq&m=112327238030127&w=2
- http://secunia.com/advisories/16330
- http://www.osvdb.org/18554
- http://www.rgod.altervista.org/flatnuke.htmlExploit
- http://www.securityfocus.com/bid/14485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21709
FAQ
What is CVE-2005-2540?
CVE-2005-2540 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, wh...
How severe is CVE-2005-2540?
CVE-2005-2540 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2540?
Check the references section above for vendor advisories and patch information. Affected products include: Flatnuke Flatnuke.