FlatNuke User Signature Arbitrary Command Execution

2005-08-04T05:19:28
ID OSVDB:18554
Type osvdb
Reporter rgod (retrogod@aliceposta.it)
Modified 2005-08-04T05:19:28

Description

Vulnerability Description

FlatNuke contains a flaw that may allow a remote attacker to execute arbitrary commands. The program does not properly sanitize user input supplied to the user registration function. This may allow an attacker to include an arbitrary command in the user registration file [username].php, which the attacker can then execute.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://flatnuke.sourceforge.net/
Secunia Advisory ID: 16330
Related OSVDB ID: 18551
Related OSVDB ID: 18549
Related OSVDB ID: 18550
Related OSVDB ID: 18552
Related OSVDB ID: 18553
Other Advisory URL: http://rgod.altervista.org/flatnuke.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0082.html
ISS X-Force ID: 21709
CVE-2005-2540
Bugtraq ID: 14485