Lucene search

[email protected]CVE-2005-4449

HistoryDec 21, 2005 - 11:03 a.m.

CVE-2005-4449

2005-12-2111:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4449

flatnuke

verify.php

remote code injection

security vulnerability

7.4 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.3%

JSON

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

CPENameOperatorVersion
flatnuke:flatnukeflatnukeeq2.5.6

CPE	Name	Operator	Version
flatnuke:flatnuke	flatnuke	eq	2.5.6

References

cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelog?rev=1.78&view=markup

securityreason.com/securityalert/248

securitytracker.com/id?1015339

www.securityfocus.com/archive/1/419107

exchange.xforce.ibmcloud.com/vulnerabilities/22159

7.4 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.3%

JSON