CVE-2006-3608
Published 2006-07-18
Priority: P4 · 28 · medium · 4.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 2.21% (80.4th percentile)
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flatnuke | flatnuke | <= 2.5.7 | — |
No detection rules found.
No writeups or analysis indexed.
References
http://retrogod.altervista.org/flatnuke257_adv.html
http://secunia.com/advisories/21051
http://securitytracker.com/id?1016499
http://www.securityfocus.com/archive/1/439975/100/0/threaded
http://www.securityfocus.com/archive/1/442421/100/0/threaded
http://www.securityfocus.com/bid/18966
https://exchange.xforce.ibmcloud.com/vulnerabilities/27731