CVE-2005-3307
Published 2005-10-26
Priority: P4 · 26 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.12% (86.2th percentile)
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flatnuke | flatnuke | — | — |
GHSA
GHSA-jf67-5p7g-mgxr: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2005-3306 [MEDIUM] GHSA-jf67-5p7g-mgxr: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307.
GHSA
GHSA-wrrm-v4f3-7p8w: Directory traversal vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2005-3307 [MEDIUM] GHSA-wrrm-v4f3-7p8w: Directory traversal vulnerability in index
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=113018940229407&w=2
http://secunia.com/advisories/17291/
http://www.osvdb.org/20245
http://www.securityfocus.com/bid/15172
http://www.vupen.com/english/advisories/2005/2178