5
CVE-2005-2540
- EPSS 6.1%
- Veröffentlicht 10.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:15:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.1% | 0.925 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://marc.info/?l=bugtraq&m=112327238030127&w=2
http://secunia.com/advisories/16330
http://www.rgod.altervista.org/flatnuke.html
http://www.osvdb.org/18554
http://www.securityfocus.com/bid/14485
https://exchange.xforce.ibmcloud.com/vulnerabilities/21709