VID 21763
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description FlatNuke is vulnerable to cross-site scripting via the user parameter in a profile operation. FlatNuke is a CMS (Content Management System) written in PHP that is based entirely on plain text files rather than a database. FlatNuke version 2.5.6 and possibly other versions contain multiple vulnerabilities, which a remote attacker can exploit to conduct directory traversal or cross-site scripting attacks.

1) Directory traversal vulnerability: Input passed to the "user" and "quale" parameters in the "index.php" script isn't properly verified before it is used to show file content. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.
2) Multiple cross-site scripting vulnerabilities: Input passed to the "user" parameter in a profile operation and the "nome" parameter in a login operation isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
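
A defender-side check for the two issues above, as an added example that is not part of the original advisory or of FlatNuke's code: it scans web-server access-log lines for requests to index.php whose "user", "quale" or "nome" query parameters carry path-traversal segments or HTML markup. The combined log format, the constructed sample lines and the restriction to query-string parameters (POST bodies are not logged) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names come from the advisory; everything else here is an assumption.
TRAVERSAL_PARAMS = {"user", "quale"}  # used by index.php to select a file to show
XSS_PARAMS = {"user", "nome"}         # returned to the browser (profile / login)

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by a slash, backslash or the string boundary.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Characters that have no place in a user name and are needed to build markup.
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2005:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Nov/2005:10:00:05 +0000] "GET /index.php?quale=..%2F..%2Fsome%2Ffile HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Nov/2005:10:00:09 +0000] "GET /index.php?user=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Nov/2005:10:00:12 +0000] "GET /index.php?user=alice HTTP/1.1" 200 2048',
]


def classify(log_line):
    """Return a sorted list of findings for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("index.php"):
        return []
    findings = set()
    # parse_qs percent-decodes once, which is the value the PHP script receives.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        for value in values:
            if name in TRAVERSAL_PARAMS and TRAVERSAL_RE.search(value):
                findings.add(f"traversal:{name}")
            if name in XSS_PARAMS and MARKUP_RE.search(value):
                findings.add(f"markup:{name}")
    return sorted(findings)


def scan(lines):
    """Map the index of each suspicious line to its findings."""
    return {i: hits for i, line in enumerate(lines) if (hits := classify(line))}


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG).items():
        print(index, hits)
```

Lines flagged this way are candidates for review, not confirmed compromises; a 200 response to a flagged "quale" or "user" request is the case to look at first.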

* References:
http://marc.theaimsgroup.com/?l=bugtraq&m=113019486931157&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=113018940229407&w=2
http://secunia.com/advisories/17291/

* Platforms Affected:
FlatNuke SourceForge Project, FlatNuke version 2.5.6 and possibly other versions
Any operating system Any version
Recommendation No upgrade or patch available as of November 2005.

Upgrade to the latest version of FlatNuke (2.5.7 or later) when a fixed version becomes available from the SourceForge.net Web site at http://prdownloads.sourceforge.net/flatnuke/
Related URL CVE-2005-3307,CVE-2005-3361 (CVE)
Related URL (SecurityFocus)
Related URL 22839,22841 (ISS)