cbcvebase.
CVE-2006-3608
published 2006-07-18

Priority: P428
Severity: medium, 4.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 2.21% (80.4th percentile)

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

Affected

11 ranges
Vendor      Product     Version range   Fixed in
flatnuke    flatnuke    <= 2.5.7
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke
flatnuke    flatnuke