CVE-2007-5773

CSRF in the File Manager module (index.php) of Flatnuke 3 allows remote attackers to perform administrative actions via forged requests that include the dir parameter (pathname) and the ffile parameter (filename). The vulnerability originates from the module’s index.php handling of these paramete...

CVE-2007-5774

CVE-2007-5774 affects the File Manager module of Flatnuke 3. An error condition triggered by an invalid argumentname in a disc op action allows remote attackers to disclose the server path via an error message. The provided connected resources confirm the vulnerability description but do not spec...

CVE-2007-5772

CVE-2007-5772 describes a direct static code injection in the Flatnuke 3 download module. The vulnerability allows remote authenticated administrators to inject arbitrary PHP code into a file named description.it.php under a subdirectory of Download/ by saving a description and setting fneditmode...

CVE-2007-5771

CVE-2007-5771 affects Flatnuke 3 (aka FlatnuX). The issue allows remote attackers to obtain administrative access by manipulating a myforum%00 cookie. The description in multiple sources confirms remote exploitation without user interaction, enabling elevation of privileges to an admin level. No ...