4 matches found
CVE-2005-1894
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker...
CVE-2005-1896
CVE-2005-1896 affects FlatNuke 2.5.3; a directory traversal vulnerability in thumb.php allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. CVSS v2 base score 5.0 (MEDIUM) with network vector and low attack complexity; no exploitable details be...
CVE-2005-1895
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php...
FlatNuke 2.5.x - 'referer.php' Crafted Referer Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/13882/info
Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...