Vulnerability Description
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flatnuke | Flatnuke | 2.5.6 |
References
- http://cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=
- http://securityreason.com/securityalert/248
- http://securitytracker.com/id?1015339 (Exploit)
- http://www.securityfocus.com/archive/1/419107 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22159
FAQ
What is CVE-2005-4449?
CVE-2005-4449 is a vulnerability with a CVSS score of 4.0 (MEDIUM). verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter....
How severe is CVE-2005-4449?
CVE-2005-4449 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4449?
Check the references section above for vendor advisories and patch information. Affected products include: Flatnuke Flatnuke.