CVE-2005-2540 in FlatNukeinfo

Summary

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

08/10/2005

Disclosure

08/10/2005

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-80

Exploit

Download

CVSS

4.3

EPSS

0.06320

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-2540
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2540
CVE Details	https://www.cvedetails.com/cve/CVE-2005-2540/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!