VID | 21793
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
FlatNuke is affected by a directory traversal vulnerability via the id parameter of the read module. FlatNuke is a CMS (Content Management System) written in PHP that is based entirely on plain text files rather than a database. FlatNuke version 2.5.6 and possibly other versions allow a remote attacker to traverse directories and view files residing outside of the Web root because user-supplied input passed to the 'id' parameter of the 'index.php' script is not properly validated. By sending a specially crafted URL containing "dot dot" sequences (../) and a null byte (%00), a remote attacker could read arbitrary files outside of the Web root directory with the privileges of the Web service.
* References:
    http://rgod.altervista.org/flatnuke256_xpl.html
    http://www.securityfocus.com/archive/1/archive/1/419107/100/0/threaded
    http://securitytracker.com/alerts/2005/Dec/1015339.html
* Platforms Affected:
    FlatNuke SourceForge Project, FlatNuke version 2.5.6 and possibly other versions
    Any operating system, Any version
Recommendation |
No upgrade or patch available as of December 2005.
Upgrade to the latest version of FlatNuke (2.5.7 or later) when a fixed version becomes available from the SourceForge.net Web site at http://prdownloads.sourceforge.net/flatnuke/
As a workaround, enable PHP's 'magic_quotes_gpc' setting.
Related URL | CVE-2005-4208 (CVE)
Related URL | 15796 (SecurityFocus)
Related URL | (ISS)
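
A defender's view of the request pattern described under Detailed Description, as an added example that is not part of the original advisory: a Python scan of web access logs for index.php requests whose id parameter decodes to a dot-dot path segment or a null byte. The Common/Combined log format, the sample lines and the function names are assumptions; the advisory does not give the full query layout, so the check keys only on index.php and id.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id(uri):
    """Return the reasons an index.php request's 'id' value looks like the
    traversal described in the advisory, or an empty list."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("index.php"):
        return []
    reasons = []
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if decode_fully(name) != "id":
            continue
        # Treat backslashes as separators too, then look at whole segments so
        # a value such as "release..notes" is not flagged.
        value = decode_fully(raw).replace("\\", "/")
        if ".." in value.split("/"):
            reasons.append("dot-dot segment")
        if "\x00" in value:
            reasons.append("null byte")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for every log line that matches."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reasons = suspicious_id(match.group(1)) if match else []
        if reasons:
            yield number, reasons

# Constructed sample lines: documentation IP range, placeholder file names.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2005:10:00:01 +0000] "GET /index.php?id=news42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [12/Dec/2005:10:00:05 +0000] "GET /index.php?id=..%2F..%2Fplaceholder.txt%00 HTTP/1.1" 200 812',
    '192.0.2.77 - - [12/Dec/2005:10:00:09 +0000] "GET /index.php?id=%252e%252e%252fplaceholder.txt HTTP/1.1" 200 0',
    '192.0.2.10 - - [12/Dec/2005:10:00:12 +0000] "GET /index.php?id=release..notes HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

A hit with a 200 status and a response size unlike that of normal pages is the case to prioritise when reviewing matches.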